The next generation of cybersecurity leaders have a vision for the future of cybersecurity. Facing advanced nation-state threats, the breakneck speed of tech innovation and a deluge of zero days, Lauren Zabierek is moving the dial on workforce diversity to tackle these challenges. Lauren, senior policy advisor for Cybersecurity and Infrastructure Security Agency and co-founder of #ShareTheMicInCyber, is also helping organizations “shift left” by integrating security principles into the innovation process.
The next generation of cybersecurity leaders have a vision for the future of cybersecurity. Facing advanced nation-state threats, the breakneck speed of tech innovation and a deluge of zero days, Lauren Zabierek is moving the dial on workforce diversity to tackle these challenges. Lauren, senior policy advisor for Cybersecurity and Infrastructure Security Agency and co-founder of #ShareTheMicInCyber, is also helping organizations “shift left” by integrating security principles into the innovation process.
Don’t miss the latest episode of WE’RE IN! to hear Lauren’s insights into why cybersecurity job descriptions are broken and how talking to everyday people can build the pipeline of cyber talent.
----------
Listen to learn more about:
* Which cybersecurity story she’d like to see made into a Christopher Nolan movie
* Why she believes “diversity is national security”
* How she ended up with Ms. magazine bylines
[00:00:00] Blake: Hello, and welcome to We're In, a podcast that gets inside the brightest minds in cybersecurity. I'm your host, Blake Subchak, and I am so pleased to be joined today by Lauren Zabierek, Senior Policy Advisor for the Cybersecurity and Infrastructure Security Agency, or CISSP. She has had an illustrious career in cyber and national security, spanning the armed services to the private sector and just about everything in between. She's now with the nation's top civilian cybersecurity agency, but before we jump into the conversation and see what Lauren's up to at CISA, let's hear a quick word from our sponsor.
[00:00:32] Kristen: Attending BlackHat this year? Ditch the hot Vegas sun and head to the deep sea. Float by Synax. Booth to explore our strategic security testing platform that helps organizations discover, manage, and remediate the vast ocean of threats. You can catch a demo and learn how to navigate the most critical vulnerabilities with members of our Cenac Red team. Join us at booth number 2 3 2 8.
[00:00:59] Blake: Thank you so much, Lauren, for joining us on the podcast. It's really great to have you here.
[00:01:02] Lauren: Thank you, Blake. It's really great to be here.
[00:01:05] Blake: So I wanted to jump right in and talk about this hashtag share the mic in cyber initiative that you co founded to start off for, for listeners who may not be so familiar with that particular social media campaign and what it stands for, how would you describe it and its goals and what inspired you to start it?
[00:01:22] Lauren: So I was inspired, actually, we, I should say, we, my co founder Camille Stewart Gloucester and I were inspired. I'll say separately, because I did not know her before we started this. It's, it's honestly, I think a very serendipitous story, but I was inspired by the Share the Mic Now campaign on Instagram, which was really focused on uplifting Black women in entertainment and politics. And I think it's kind of a funny story because I, I just remember I was sitting there on the couch. I was very pregnant with my, my youngest kid. I just saw her scrolling through Instagram and I saw this and you know when you get this really great idea and you just sort of like your whole body feels charged with it and I reached out to a friend and, and they said, yeah, that, that sounds really interesting. And then I think it was later that day, I saw Camille Suric Lunster tweet. And like I said, I did not know her before. I had never even heard of her and she had posted something very similar. So I reached out to her. I, I slid into her DMs, as they say. And within just, you know, an hour or so we started texting each other and we decided to just try something. We put it together within two weeks. We leveraged our networks and said, Hey, do you want to participate in this? And we put it out there and I had realized at the time I was at the Belfer Center at the Harvard Kennedy School that I had a platform and with that platform comes responsibility. And, you know, especially a leader in the field, I thought, you know, we, we really need to do something. And Camille also being a leader, I think she felt very similar. And I think that was really borne out by the reaction, you know, by the community. And of course, you know, by the industry writ large, just to, you know, this outpouring of support in them and also just like, wow, this is really needed. So it's really there to uplift those voices of the black cyber community. And, you know, try to get people in those positions and, and, you know, pull people into the field. I mean, ultimately our premise is that diversity is national security. That's something that Camille and I, I both share there. And so that's really ultimately what we're trying to do.
[00:03:41] Blake: Well, that's a really good point. And I certainly, I think a lot of our listeners will appreciate you jumping right in and using your platform back then to get this initiative started. Fortunately, it seems like there's a little bit of a wider recognition now, three years plus on, of that point that you just made, that diversity is a matter of cybersecurity and national security and, you know, in our interests. Of course, beyond that, it should also just be in our interests as supportive people and wanting to build a bigger tent and a bigger community in the cybersecurity community generally. But if that, if that wasn't enough, you know, I think that's a very valid point. We, you know, we need all of the best ideas we possibly can get to tackle some of these challenges. Hey, I wanted to highlight, you know, through your work in Share the Mic in Cyber, you've gotten a few really interesting bylines, including in Ms. Magazine. And I come from a journalism background myself in the DC area that, you know, Politico and E& E News and whatnot. And so I have a lot of respect for some of these non traditional media outlets that command this almost legendary status in the community. So what can you share about those and just stepping back your philosophy for diversifying cyber?
[00:04:45] Lauren: Yeah. You know, I've seen various, well, actually let me back up. When I think about cybersecurity and national security and thinking about getting more people into the field, I think about people who maybe don't think about it on a day to day basis. It's not really a part of their world. And so wanting to get out to those audiences really inspired the idea to reach out to Ms. Magazine within this network that I'm a part of. And, and, you know, when I reached out to. The editor in chief there, they were so receptive, and it was just so cool to have this idea and to be able to leverage that platform, and we really wanted to highlight the Black women in cyber who, you know, had participated in Share the Mic in Cyber, so we did this Monthly feature for, I think it was nine or 10 months. And, and I'm so happy we got to do that. But yeah, there, there have been other outlets, especially Cyber Scoop and, and others that have, you know, really embraced what we're trying to do and, and really trying to uplift the mission as well. And, and I think that's so important because, And you see a lot of voices in cybersecurity, especially in these publications. And we want to make sure that those voices are diverse because that then leads to influencing what's going on, you know, whether in industry and on a technical side or the policy side. And again, we want to make sure that those sorts of things are being not only influenced from diverse perspectives, but those outcomes too are the best that we can have for our country.
[00:06:22] Blake: Well, it's, it's really been an incredibly impactful program and hearing about its genesis of this particular campaign, I guess I should spend more time on the couch scrolling through Instagram. I think that's, apparently that's where the best ideas are formulated and they don't have to tell me twice. So fast forward to your current role, your title is Senior Policy Advisor for the Cyber Security and Infrastructure Security Agency. What does that entail?
[00:06:44] Lauren: Great question. So I've been here for the last six months, and it gives me such a cool opportunity to not only look across my division, so I'm in the cybersecurity division, but also across the agency, and then, you know, across even the interagency, to really look at some interesting challenges. That, whether it's, you know, the agencies facing or, or, you know, the cybersecurity community in general. And it just allows me to really think about these things and come up with. You know, some potential ideas or solutions, but also the ability to reach out to various communities, various organizations, bring together people, make coalitions, identify possible solutions and drive toward that in different ways. So it's been really exciting. It's, you know, these last six months have been a lot of fun. I'm learning a ton. There's a lot of different things that. I am learning in this role, especially about working within the interagency and, and sort of how, you know, the, the sausage really gets made. So I, I'm so grateful for it.
[00:07:55] Blake: Yeah. And I would be curious to hear more about the culture at CISA where, you know, it's, it's, it's been half jokingly said that. Security is so important there. It's in the name twice. And I guess if you work in the cybersecurity division there, then you get security in your name three times, which is pretty impressive. So, and you've worked in the private sector at Recorded Future, Deloitte, served in the Air Force. You've been, you know, part of the US intelligence community through the National Geospatial Intelligence Agency. I guess what has really struck you? What sets CISA apart?
[00:08:23] Lauren: Well, I will say every step of the way, all the jobs that I've had have been impactful in different ways, and they've really served to move me along to things and expose me to things and teach me things that I needed to learn at that time, so I'm really just grateful for all those experiences. Coming to CISA, I knew that I had wanted to come back to government eventually. After leaving the intelligence community and moving up to the Boston area and especially being at the Belfer Center where that opportunity allowed me to meet some credible people, do some interesting research, you know, have that platform and then to, you know, use that to, to launch back into government has been really great. Now, I think what sets CISA apart is not only the mission, right, everyone I've met here has been so dedicated to the mission in each of their own different ways. You can really tell the intentionality with the culture, right, especially what director Jen Easterly has really been working towards. You can feel it, right? It's not just talk, it's resources, it's this message permeating throughout the organization, it's internal webinars, it's, it's, you know, the ability or the, the feeling that you're supported in doing things. I think it's been so fun and I've, I've really loved it. So. Yeah, I, I'll just say, you know, to anyone who's really thinking about government service and, you know, CISA specifically, you know, highly recommend.
[00:09:53] Blake: No, I've, I've certainly appreciated Jen Easterly's, her public face and really representing the agency. I think well in engagements with press and getting out there and sharing information about the mission. And also I feel like that culture extends to what you're doing here on the podcast, which we really appreciate of being open about some of these shared challenges because. You know, even coming up through the journalism ranks, you, you know, you mentioned CyberScoop, I, I do feel like there's this sense of we're all in this together, ultimately, like I have a bias that I want to keep the lights on and my water flowing and whatnot, and my system is secure, you know, I don't think that's a, that's such a, an unworthy goal. So I really appreciate it. And to Pivot a little bit, Oppenheimer hit the big screen recently and everybody's been buzzing about the dawn of nuclear war. Just we're tackling the light subjects here. Now, on a serious note, what lessons from the nuclear world and atomic diplomacy can we apply to cyber? Cause I have heard those comparisons made before.
[00:10:49] Lauren: Yeah, there have been a lot of comparisons and you know, I'll say the, the three things that really stand out to me are the fact that. Much like atomic weapons, cyber is a tool, right, in a broader policy, diplomatic, military toolbox, right, for nation states to, you know, to pursue their interests. And also, like atomic capabilities, those cyber weapons and capabilities can be transferred to other actors, right, that aren't necessarily constrained by the same sort of norms and rules that maybe nation states are. Right. And then finally, the fact that cyberattacks, like, you know, an atomic weapon, like the impact of that affects civilians, I think, is probably the most profound. You know, you can't keep a cyberattack solely targeted on a government or military target, right? It spreads around, that's the very nature of the internet. And so, like I said, it's a tool that exploits the weaknesses and the connectivity of societies. And so I think those are the definite ways that they're related. I mean, certainly there are differences as well, but I think that's something to remember about the capabilities.
[00:12:10] Blake: Definitely. And your point about the unintended consequences, you know, is well taken. I remember in, in 2017 covering the NotPetya cybersecurity attack that just. Absolutely spilled beyond the borders of what evidently was the original target in Ukraine and caused billions of dollars worth of damages. And you know, that is something, yeah, okay, maybe a cyber attack isn't, we're not worried about it lighting the atmosphere on fire like the initial nuclear test in Oppenheimer, but you know, it still carries quite a significant punch. You know, following up on that, I wanted to quote from the cyber projects website to kind of dip into your Harvard background a little bit here that quote, 40 years ago, an interdisciplinary group of Harvard scholars, professors, researchers, and practitioners came together to tackle the greatest threat of the cold war, the fear of a nuclear exchange between the Soviet Union and the United States. Today, we seek to recreate that interdisciplinary approach to tackle a new threat, the risk of conflict in cyberspace. How does cyber stack up in that hierarchy of national security risks? Oh, that last part, I guess, was my question, not the quote, I should say.
[00:13:18] Lauren: Um, yes, I do remember the phrase from our website there. Yeah. So again, I think it's important to remember that cyber is a tool again, right? For nation states to use to pursue their interests, whatever those might be. But I think what cyber does, maybe more than a conventional method is that it offers stealth and reach, right? So a lot of these attacks that we've heard about in the last couple of years, right, many times those adversaries have been there for quite a while, right? We hear a lot about the initial intrusion and then maybe living off the land or, you know, doing a lot of harvesting and, and sort of reconnaissance, right? So, so there's that element and then the reach part, right? So where cyber is really exploiting. Lots of weaknesses, right, in our products, in our software, hardware, et cetera, as well as the very connected nature of those products that allows the attackers to have far more reach, to impact more organizations, more people, more systems, basically, so as far as stacking up, I'd I don't know if I can necessarily answer that, but it, you know, more than I would say other sort of conventional means, I think those two things stand out to me as, as important ones.
[00:14:40] Blake: They're both conventional threats and cyber threats are important in their own rights. I guess, yeah, we don't, we don't need to necessarily compare and contrast too much. You know, we got to deal with it all, right? That's the, the beauty and the challenge of the national security community, I guess. So, but 20 years from now, if, if Christopher Nolan, who. Hopefully we'll still be directing movies at that point. We're to actually direct a film about cybersecurity. What do you think you'd cover?
[00:15:05] Lauren: Oh, gosh, you know what I'd like him to cover? So this, this kind of goes to one of the efforts that I'm working on. If you've heard of this initiative called Secure by Design, right? And. I would love to see a movie about the, the way that the industry made a change, right? Our whole entire ecosystem made a change to have more secure and therefore more safe products and maybe that story, maybe that journey, because that journey towards making that change I think is really profound. And, and, and I say that because in our efforts, we've really been studying. You know, a couple of different things, but, but specifically the auto industry in the 1950s and 60s and even through the 70s and 80s and how change was made there. And, and if you're familiar with that at all, you might know that in the 50s and 60s, automobiles were really designed and manufactured for speed and for style, not for safety. And so you've had these horrific accidents that resulted in so many deaths. But, then Ralph Nader comes along and, and, you know, Congress gets involved and through a number of different interventions, policy, law, and other economic things too, the automobile industry started designing safety into the automobile from the very beginning, right? And that became an intrinsic part of that automobile's value. And then if you look at a raft of. You know, over the next decades and half the population has grown and, and I can't remember if the number of crashes may be has held steady or declined or increased. I don't know, but the number of deaths from those crashes precipitously dropped. And so we're, we're using that as an interesting case study to see how we can make that change and really what that could actually yield in the next few years.
[00:17:05] Blake: Yeah, that, that is a great analogy, and it also just underscores how huge the challenge is in a cybersecurity world, because I feel like connectivity permeates just about every product that we engage with. And you talk about cars, yeah, those will also need to be secured by design, but so will our routers, so will our smart fridges, so will just about everything else we touch, so I do think there's potentially a lot of drama there to be unfurled as we all tackle these threats together. Now, speaking of tackling threats with, you know, obviously that takes people who know what they're doing and know how to design these products with security in mind and have the engineering chops or the cybersecurity interest to really address that. And we hear about this talent gap in cybersecurity and maybe the circles back a little bit to your share the mic in cyber initiative. But how does the cybersecurity community need to change to foster diversity and inclusion and really build that bigger tent?
[00:17:58] Lauren: From our time doing this, there's a couple of different. Themes that I've pulled out, you know, to answer that question. I think the first is the pathways in, right? You hear a lot about people who, you know, do go into training, whether it's through a degree granting program or through other means of education. Or maybe there are certifications, right? And they then are looking into the job market and they see these jobs that require a number of years of experience and a whole host of certifications. So, so that's one, we need to do a better job in developing those pathways in and maybe, you know, changing, especially the entry level requirements and, or giving people a way to get that experience right off the bat, maybe, you know, whether that's through on the job training or in the past I've talked about national service, right? Where you could get that sort of quote unquote boots on the ground experience and while maybe allowing organizations that don't necessarily have the resources to pay, you know, top dollar to then have this expertise or, you know, developing at those organizations. The second one I think is, this is something I said earlier with, you know, getting more voices at the table and developing more connection either with peers or with people who are maybe more advanced or less advanced, you know, throughout the industry, right? So creating those connections. And then finally, I would say too, is the pathways into leadership, right? Getting more diverse voices into those leadership positions because. I often cite this example from, it was probably from a decade ago, but the
[00:19:40] Blake: We won't to fact check you.
[00:19:41] Lauren: Yeah, the honorable Michelle Flournoy had said at some point in some speech that, and perhaps she was quoting somebody else too, that when more diverse leaders make up at least 30% of that organization, right, real transformational change starts to happen. So those are the areas that I would love to see. You know, not only this industry, but other industries throughout national security really work on it. I think that's something that we can do to, you know, very concrete actions we can take.
[00:20:10] Blake: That's a really good point about reaching a certain level of diversity. There's that element of like, not just one, right? I've seen that reflected in discussions of board diversity, that if you have, for instance, one woman on a board, that can sometimes not have the same positive results as if even you just have two or more. There can be some sort of tokenization going on or some effects that are having a negative impact, even when you sort of say that you're ticking that box of like, oh yeah, we've reached diversity now. But yeah, that's really important to keep in mind that this is a, you know, a constant effort that we need to undertake and be aware of. So yeah, really, really interesting. I wanted to pivot for a second here and talk about something that I know that CISA has been pushing lately on some fronts. And I wonder if this intersects with your portfolio at all, which is software bills of materials or, or SBOMBs, not to be confused with the, uh, atom bombs we were talking about earlier. These are, these are, these are good. These are good bombs, I think. So how are you thinking about supply chain security and risk in your role?
[00:21:07] Lauren: From my role, especially through Secure by Design is really trying to go way, way, way, way left of that, right? To say like from the design phase as a business decision. These manufacturers of tech products, software, hardware, et cetera, need to consider how to build safety into that from a number of different perspectives. You know, and this is in line with the national cybersecurity strategy that really says that the burden of security and safety should not fall solely on the customers, right? The consumers of those products, right? And so, you know, as far as the, the software bills and material, it's a, it's a really important thing because then that really illuminates. The products that are in your ecosystem, right? So that we know what's there and we know where they came from and things like that. But yeah, the, the work that we're trying to do, it goes even further left of that to try to ensure at least the things that for, what we can have some influence over, we, as you know, our society, our country. That whatever goes into that bill of materials, we know is secure and therefore safe.
[00:22:18] Blake: So in a, in a perfect world, we could just tear up the S bomb and just say, you know what? We know all of this is secure by design and we can trust it. I know that's maybe a little optimistic given the, given the realities of fast paced software development these days and whatnot, but, uh, I hear you. Yeah. That, that emphasizing that need to think about things. Further and further left. What's the old mantra? The shift, shift left is, is, uh, I guess that plays into it. So what's, what's next on your radar at CISO?
[00:22:44] Lauren: Yeah, well, one of the things I'll be doing is I will be at DevCon this year, which I'm really excited about. We're going to be doing a couple of different sessions. So if you are around, definitely please come say hello.
[00:22:56] Blake: I am jealous. I will not be making DEF CON this year, but definitely we'll, we'll have some, we'll have some folks over there. So we'll have to swing by and say hello. DEF CON is such a unique conference. I feel like it's, it's a very special one. It attracts a full spectrum of the security community. So it's a great place to be.
[00:23:13] Lauren: Yeah, it's, uh, technically my second DEF CON, although the, the, I was supposed to go, I think it was two years ago when, remember the Delta variant was spiking. Oh, yes. Yes, so I decided not to go, but I did a panel virtually, so. I am looking forward to being there in person this year.
[00:23:30] Blake: I know that the, uh, COVID pandemic did result in that one actual time DEF CON was canceled as well during the worst of it, where it's a long running inside joke that DEF CON is always canceled. But in that case, it actually kind of had to happen for the in person element. But this year on the bright side, we'll, we'll look out for you there. And yeah, definitely good to know. It's, it's an exciting one. Particularly, I'm glad you mentioned the National Cyber Security Strategy because. You know, as we're recording this, it was just recently released the implementation plan for that. And it seems like a lot of things are happening on the cyber front from both a government perspective. And seeing the response from the private sector too, I guess, would you want to add anything about the cyber strategy and, and CISA's role there as, as you've kind of adjusted to the interagency realities that you're working with?
[00:24:20] Lauren: Yeah. I mean, I think anyone would see, you know, within the implementation plan and the strategy itself, like CISA absolutely has a huge role. And I think you're right, you know, this is something that I've, I've talked about a lot with, you know, friends and, and family and colleagues is that the activities that we see, or we have seen in the last couple of years when it comes to cyber, especially in the federal government, really been, I think, profound. And that's not to say, you know, in, in previous administrations, like I know people were doing important things, but I think you're seeing a lot more of it. You're seeing a lot of investment. You're seeing all the leadership is, you know, they're all dedicated and they're all so experienced. And I, I've said this, I think we're, we're going in a really good direction from a federal cybersecurity standpoint. So it's, it's just really exciting to watch. And then also too, when you think about the strategy and the implementation plan and all that. You know, I think what you also see is, first of all, not only the acknowledgement that a strategy is only as good as its implementation, right, and the follow on actions that are needed in order to, you know, make things happen, but also the fact that It's truly an interagency effort and, and really whole nation too, but it doesn't just fall on one or two organizations, it's, it's across the board. And I think too, once you, once you see the forthcoming cyber workforce strategy, you know, that those, those themes will, you know, be repeated as well. And you'll see too, that there's such a, again, this whole of nation effort and, and need really. So I, I just think. We are going in a good direction from a national standpoint.
[00:26:11] Blake: Well, thanks again for the, uh, the contributions to that effort and your work over a varied career in, in several roles, really all geared toward addressing some of these challenges. So now finally, I did want to ask you something. We, a question we pose to all of our guests here on the show, which is what's something we wouldn't know about you just by looking at your LinkedIn profile. The fun fact question, if you will.
[00:26:37] Lauren: I guess that one of the earliest things I remember, or at least in high school, is that I really wanted to be a drummer. I love music. I, I just, and you know, music to me is so transformational. It transports you. It's transcendent, right? I've always loved music and I, I always wanted to play it and I, I never really had the opportunity when I was younger to try to learn, but it always stayed with me. I, I always say I've always been a really good air drummer, but on my final deployment to Afghanistan, I just remember, you know, I, I would just put on my headphones for hours as I was doing my work, you know? And I was listening to a lot of rock at that point, especially Def Leppard, and I just thought to myself, okay, this is it. When I get home, and this is back in 2014, by the way when I get home, I am going to learn to play the drums. How many years after high school was this that I'm like, I'm gonna do this. And so yeah, when I, when I got home, I, my husband had gifted me some lessons and then eventually I got my own drum kit and yeah, again, I am not good, I'm not a good drummer. Like I, I don't practice enough, but I have learned not, not through reading the music cause I haven't seen any notation on it, but through listening over and over I've learned to play. I don't know if you're familiar with the band The War on Drugs. But, yeah, they have this song, I Don't Live Here Anymore, and I don't know, it's just, I love that song, and so I learned it. And I love playing it. It just like, you're just sort of transported to a different place. And so my next goal is I really want to learn one by U2. U2 is like my favorite band in the world. So that's my next goal.
[00:28:24] Blake: Well, I don't know. That sounds like a pretty advanced drumming assignment there. So I. I guess we'll have to interview your neighbors to really get a sense of whether your drum skills are up to snuff or not. I, I, uh, that's a great story and certainly appreciate the musical side of things. I'm, I'm a bit of a percussion instrument person myself, but I, I play, I play piano. So technically percussion, I wouldn't say it's quite on the same level as drums, but. I guess, I hear they have those electric sets now you can do, which I can't say I've tried, but...
[00:28:50] Lauren: I do, and I think that was my first actually, like, before getting a real drum kit, I got an electric one. It just wasn't the same. I just couldn't, you know, really rock out to it, you know?
[00:29:01] Blake: That makes sense. I feel like part of the fun is definitely the rocking out aspect. So I respect that. Well, Lauren, thank you so much for joining us. Really appreciate hearing your insights and how you're tackling some of these really pressing challenges over at CISA.
[00:29:13] Lauren: Thanks, Blake. This was such a pleasure to be on and to speak with you. So thank you.
[00:29:18] Blake: If you liked what you heard today, I hope you'll give us a five star rating and review. It's a big help. And please share this episode if you know anyone who could appreciate a little InfoSec wisdom on their morning commute. We have a whole catalog of episodes well worth a listen, so you may want to check out past interviews as well. Finally, if you know someone who might be a good fit to appear on the podcast or have any comments or feedback, drop us a line at we'reinpodcastsatsynack. com. That's S Y N A C K dot com. Until next time.
[00:29:49] Kristen: We're In is brought to you by Synack. If you're looking for on demand, continuous access to the world's most skilled and trusted security researchers, you can learn more at Synack dot com. Synack recently launched its Empower Partner Program so that partner organizations can more easily offer the Synack pen testing platform to their own customers. This approach helps optimize Synack partners technical competencies and allows them to better integrate Synack into their portfolios. It's a way that partners can win new business by adding continuous, best in class solutions to cybersecurity, cloud, and DevSecOps offerings. Synack partners with organizations around the world to make them safer, more resistant to cyberattacks, and more capable of finding and fixing dangerous vulnerabilities before attackers are able to exploit them. Learn more at synack. com. That's S Y N A C K dot com.