 Hey, everybody. Welcome, welcome. We've had a bunch of folks up here today kind of already talk about some of the industry practices that are getting better. And I think this is super exciting. We're seeing security teams more empowered, with more budget to be able to go affect change than ever before, for example. We're seeing at lower layers in the stack better infrastructure options and defaults. Cloud provider deployments are much more secure than they used to be. We're getting better at locking down the lower layers. The renewed focus on software supply chain and S-bomb is great. We don't quite know what to do with S-bombs yet. That's kind of one of the big pain points today. But we are developing tools and practices around that that, again, should have big impact on how we deliver software securely. And some of the other efforts that we're seeing across the landscape include moving to runtime asserted computer-verified checks that we're implementing controls rather than a checkbox that we did once every year. Projects like OSCal, the open-source compliance assessment language, help drive this automation and this computer verification. Net of all of this is that security is moving up the stack. Brian earlier talked about a bunch of attack vectors that they're looking at. And none of them were the attacker got on the network and talked directly to the database and egressed a bunch of data. Much more sophisticated attacks now. And the policy that we want to write to be able to mitigate and time box and limit the space of an attacker needs to be more and more application context aware. We need to move that closer to the application. Things like identity-based policy moving up from network-based policy is one way that we can do that. But there's a ton more that we need to start to apply. ZeroTrust itself isn't a mystery. There's a lot of fun around what ZeroTrust is. It's fundamentally two things. It's people process and it's runtime controls that answer and mitigate the question, what if the attacker is already inside the network? Around 2009 actually is when the original kind of ZeroTrust write-ups came out. That's when the term started to appear. And that happens to coincide very closely with some leaks where we found out that actually for quite a lot of major companies, somebody was in the network. That's what motivates a lot of the ZeroTrust ideology today. So I want to make this a little bit more concrete though. So just talking about runtime, not the people process side, there's a lot of kind of mystery around ZeroTrust. And I really want to boil it down to something that we can kind of use as a litmus test for the rest of this conference. There are five policy checks at a minimum that we should be doing if we want to call our system ZeroTrust. So we want to start to realize that idea of mitigating what an attacker who's already inside the perimeter can do. And those five policy checks are here. We need authenticity of our messages and that they can't be eavesdropped. We need encryption and transit. We need service level identity that we can authenticate at runtime. Ideally, we want a cryptographic identity. We want to be able to use those identities to do runtime service to service authorization to control which workloads can talk to each other. Then we want to be able to take the end user into account as well. We need to be authenticating the end user in session and we need to be authorizing the actions they are taking on resources in the system. And all of this is not new, right? If you look at things like API gateways and Ingress gateways and similar, we do these checks usually. But we need to be doing them not just at the front door but every single hop in our infrastructure, every single time anything is communicating. We need to be applying at minimum these five checks. And this is an area where there's active standards that are evolving. We're going to introduce in a little bit later talk this idea of this identity-based segmentation and using that to realize as ETA. Come check that out basically immediately after the break, after keynotes in room 609. And that's, we'll dig into those five runtime checks and a lot more besides. And with that, thank you all.