 And I think people, Ben, you are seeing my screen, I hope. I think I'm sharing my, yeah, good. Okay. All right. Let me know when we're ready to go, Ben. Recording is running. We are set. Okay. Welcome, everybody, to become a cybersecurity ninja. Today is session four of our 10-part webinar series. And by the way, this may turn out to be more sessions than 10. We're going to see how I get to that at the end of the session today, so we have our first little hiccup in terms of our scheduling, but we'll get to that at the end. It's been going so smoothly so far. I knew there was going to be something. Today's session is the at dollar sign, I'm sorry, at pound sign dollar signs of encryption ABCs, of encryption, communication, information, and device encryption basics. So I hope that is what everybody's here for today. And today it'll just be Ben and myself. We do not have a co-presenter today, but we will work to have additional co-presenters elsewhere. And as you can see from our schedule, we've covered threat modeling. We've covered network security basics. We've covered authentication two weeks ago. Today we're going to be talking about encryption, and we're going to be taking requests for next week. We had gone fishing on the schedule. We're going to move that back to give us some time to line up with additional things we wanted to have ready for that session. And the other one was going to be mobile security, security on the move, on your mobile devices, things like that. We can still do that one, but I thought I would actually open it up since we have this kind of gap in the schedule now and see if people wanted to maybe try some other things. So we'll get to that at the end, and folks can kind of think about that. And then we'll keep trucking along. I, of course, am Joshua Peske, Vice President of Technology Strategy here at Round Table Technology. Round Table Technology is a team of dedicated professionals. We operate out of Maine, and Ben is talking to you from. We operate out of New York. I am talking to you almost directly above Penn Station here in New York City right now, and we help hundreds of organizations achieve their missions through effective use of technology. And with that, our learning objectives today, understanding encryption. We'll talk about plain text, cyber text. We'll talk about how encryption works, why you may want to encrypt some information. We're going to go through a pretty specific way of using a specific software of how to encrypt email. We're going to see if we can't get everybody attending the session today to actually understand symmetric versus asymmetric encryption. So if you weren't in the mood for a little bit of a technical dive today, I apologize, but we're going to see if we can get through that all intact. We're going to talk a little bit about encrypting mobile devices and, of course, resources for further learning, and then actually try to pick next session. So we're going to launch our first poll here, and then go ahead and kick that up. I'm curious to know, have you encrypted any of these things? Have you encrypted messages? Have you encrypted instant messaging? Have you encrypted emails? Have you encrypted files? Have you encrypted voice conversations? Have you encrypted video conferencing? And if you haven't encrypted anything, of course you can let us know. And I just want to get a sense for what kind of encryption has been going on, what people are doing. And let's leave that open just for a minute. Go ahead and close that up and show the results then. We'll take a look. And so a fair amount of encryption going on. So about 19% just under one-fifth of us have encrypted messages. Almost half have encrypted emails. It's great. Over half have encrypted files and not much voice and not any video encryption going on. All right, thank you so much, Ben. And let's go ahead and close that up and get back to it. So what is encryption anyway? What is encryption when we talk about it? So we're all on the same page. In case it's not obvious to folks. We have plain text there on the left. I have a message. I encrypt it using some set of rules for an algorithm. And that algorithm is referred to as a cipher, which is a broad way of describing the rules by which we scramble up the information so that it is unreadable. Pig Latin would be the simplest probably cipher that I can think of where I take the first letter off of the word or word way and move it to the end and then add an A after it, right? So I can, if I was going to say, I don't know how you would do encryption. If I was going to do round table, I'd say ound table ray. And that would be Pig Latin for round table. So that's probably the simplest cipher that we can think of is a way to scramble information. It's pretty easy to decrypt, but nonetheless, a cipher. So we encrypt the information into a scrambled cipher text and then the message can be sent to someone or a group of people. And if they have the rules or the key to decrypt it, they can look at that message, convert it back to something that they can read. And that is in a nutshell, the simplest way I can describe it, how encryption works in case anybody wasn't clear on that. And we're going to just cover some basic concepts that you'll hear as we talk about encryption. Plain text is, of course, unencrypted text, and that's most of what you're looking at right now, unencrypted text. This webinar is not encrypted, which is making it much easier, hopefully, for everybody to take in the information from the webinar, although when we get to symmetric versus asymmetric information, you may, encryption, you may feel that it is encrypted, hopefully not. Cipher text is information or text that is encrypted, so it's information that is sealed up in that secure envelope and encrypted by that set of rules. The cipher, as I described, is the set of rules for encrypting information. A key is usually a password of some kind, but can be other things. A key, as an example, as in the picture, is a shared code that we can use to enable decryption of messages. Symmetric encryption is one key that is used to encrypt and decrypt. So I have a password that I share with Ben in some secure way. I put a document, I password protect it. I send him the document by email or I put it in a shared space. He goes to open the document and it prompts him for a password. And then he opens it up. Asymmetric encryption is where we use two keys, what's called a public-private pair, and we're going to get into it. And I just thought I'd point out that the term decipher, which we are familiar with, of course comes from cryptology, so e.g. to decode an encrypted message or to decipher it to get through the cipher that's been used to encrypt it. Why encrypt information? So we have a nice little cartoon here. I'm going to give everybody a chance to read, which is if you're not planning to break the law, why should you care that I have security cameras in our bed? And so people will, I think, reasonably ask if I don't have, if I'm not doing anything illegal, if I'm not doing anything untoward, if I'm not super secure secrets, why should I go through the trouble to encrypt information? And I'm not going to go deep into that question. I'm going to bring up this quote from Esther Dyson. If you're familiar with who she is, I recommend looking it up. There's also lots of other folks who have something to say, but I'll read her quote aloud here. Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government. It's hard to think of a more powerful, less dangerous tool for liberty. And to have that privacy and to have this ability to share information with one another in a way that we feel guarantees our privacy and security around it is a critical part of living in a free country. And there are also, for businesses, there may be lots of compelling reasons that go outside of this in terms of, if I want to, for example, email a social security number to someone, I'd like to have a secure way to do that if I need to communicate a password to somebody over email or in a document. I'd like to have a secure way to do that because I know, especially if you've been attending our cybersecurity webinars, that putting sensitive information in plain text is not a really good practice. That's a great way for information to be compromised. And in a nutshell, that's where we might get. So I wanted to throw up another poll real quick before we get into some encryption, which is have you ever used the encrypted messaging app signal? This is something that I think a lot of people have been hearing about over the last probably six months or so. I'm curious to know how many people at the webinar today have either used it, have not used it but have heard of it, or have never heard of it until now. We'll just leave this open for a few more seconds. I'm just curious just to get a sense of where we're at in terms of people's use of encryption of different applications. Then let's go ahead and show the results for that. Not many people using it. About half of the folks in the webinar today have heard of it or are actually using it. And over half, a little bit over half have never heard of it. So that's, I guess, a good thing. Let's go ahead and close that up then. I'm glad we can share information with people today. So let's talk a little bit about signal by whisper systems. And they're building out additional tools that you'll be able to use for voice and for video conferencing. Voice is actually available now, video conferencing, as I believe in beta. If anyone on the webinar knows otherwise or has more updated information by all means, let me know. Signal is a messaging app that you can install. It is free. You can install it on either iOS or on Android. And it allows you to send group texts, pictures, and video messages all without fees. You get to use your existing contact information, but everything is encrypted and encrypted in an incredibly secure way. And if you look at the names, some of you might not know all of these names, but Edward Snowden, certainly people know. Bruce Schneier is an enormously highly respected cybersecurity professional. Laura Patras, the filmmaker and journalist, and Matt Green, actually, not familiar with him, but they are very reputable folks saying this is one of the most secure platforms that they certainly would recommend to use. And if you are looking to add a layer of security to your messaging or potentially to your voice in the future or to your video conferencing, and this is an application I would strongly recommend, this is as clearly as there is one vendor in this space, Signal is that vendor for secure messaging. And I just realized I didn't have the questions open, so I don't know if anyone... Okay, there's a few things in the chat, but nothing too much I need to attention to now. So what we're going to talk about next over the next few slides here, because I think this is largely where people were coming to the webinar today, kind of more of a how to for encryption. I'm going to walk you through in a kind of detailed sense how encryption works in email. And for this, I'm going to be using an encryption service called CryptUp, which is another very highly regarded service that is also free. It works unfortunately just with Gmail, so if you're not a Gmail user, you can't use CryptUp. Office 365 actually does have an encryption capability built into it that Microsoft provides. It's a little bit more complex to enable and use. You need your administrator to enable that. I'm not going to do a how to for that in this webinar, but that's something to know in there, of course. Other services that you can layer on top of Outlook or on top of Office 365, that can add encryption there. For now, we're going to walk this through with Gmail. You can install and be using this within probably two to five minutes. I'd say the 60 seconds is a bit ambitious, but you can certainly do it pretty quickly. Once you have installed this, when you go to compose a message, you'll have these two different options. It's pretty straightforward. If I'm just writing a general message to Ben or to my colleague Destiny or to a client, I just hit my normal compose button. If I want to send information as encrypted, let's say I want to send Ben a password. I'd like to have that password be encrypted so that it's not something that someone would find in my sent items. It's not something that they would find in Ben's inbox if either of those became compromised. It's also not something if someone happens to be listening on the wireless network that I was on or were able to intercept our communication at any point that they would be able to get. In that case, I would choose the secure compose button. When I choose that, I get a screen. This is, again, encrypted, but it's pretty similar with most of the encryption email applications, where I have the background of the message body, the information that is encrypted, is visually distinct from the other parts of the message. Sometimes some of the, like Virtru, for example, which is another very common one that's also free to use in its personal version, allows you to have an unencrypted part of your message body so I can actually write a short note, and then an encrypted part of my message body. Cryptup doesn't do that. Cryptup, the entire message body is encrypted. I've tried to make it as clear as I can here. The subject line is not going to be encrypted. That's plain text. The information that's on that locked background, that's going to be encrypted as soon as I hit send. So when I hit encrypt and send, it will be a bit slower than it would if I wasn't trying to apply encryption here, but not so much that you'd notice, a couple of seconds. And when I receive this message, if I don't have the ability to encrypt it, if I don't have the key to decrypt this message, or if I'm not the correct recipient, I would get the subject line. I could see that Joshua at Roundtable Technology at Com has sent a message to somebody, and I would know who that somebody is, and I would say I would be able to see the subject line. This is not encrypted, but the message itself would look like that. That's what the cipher text looks like. And if I don't have the key to be able to decrypt this information, that's what I'll see. And one of the possibilities, by the way, and I didn't actually list it, is this idea of metadata, which is not something that we've talked about and is not on the agenda for our cybersecurity series, but it occurs to me that perhaps it should be. The other things that I've talked about, this information that I, Joshua at Roundtable Technology, have sent a message to some other person on this date at this time, perhaps even from a certain location, that's all metadata that would still be available to someone who was snooping around and trying to observe all this or had access to my mailbox to backtrack, but they still would not be able to see this actual message, what's here that's encrypted. So the metadata is all the kind of stuff that surrounds it, but the actual data that I was trying to protect is still protected. And we could do a session on metadata if people are interested in that, which I certainly think is a not horrible idea. Anyway, if we are able to decrypt it, so if I have the key, this is what it looks like. So again, if we go back, that's the ciphertext. It's not readable. That's the decrypted text, that is the plain text after I have decrypted it, and now I see the information. So this is what the recipient sees if they are the right recipient and have the key to decrypt the information. And that's your basic walkthrough of how to send an encrypted mail, and again, they all work a little bit differently, but that's the basics of sending an encrypted email message. All right, now here's our deep dive. So everybody take a nice deep breath. If you need to get up and stretch a little bit, do what you got to do, get ready. We're going to try to walk through this and hopefully we're not going to hurt ourselves. I'm going to ask how well right now do you understand symmetric versus asymmetric encryption? So Ben, let's go ahead and throw that poll up. And I'm going to make an assumption that we're probably not going to have a lot of people that are saying, oh, we got a couple people, say they understand it well, and maybe they'll help me explain it because I'm not sure I did not. Let's go ahead and close up that poll, Ben. Okay, so we've got a few people that do think they understand it well, and that's awesome. And as I go through this, if you have comments for me that correct anything I do, by all means, I welcome that. But the majority, as I thought, don't understand it well, so let's keep, maybe screenshot that really quickly. I want to keep that number in mind as we get to that. Okay, so bear with me. We've got Spock and Kirk here to look at, and don't go cross-eyed. So symmetric encryption, shared key. When you send someone a password-protected document, I talked about that before. If I take an Excel spreadsheet, and I put a password on it, and then I email it to you, this is in effect what I am doing. I have a message, Klingon's Attack Vulcan. If we start on the left here under Mr. Spock. Mr. Spock has a secret key. So let's say the password is, you know, the USS Enterprise. So he encrypts the message, Klingon's Attack Vulcan with that password, USS Enterprise, and it becomes this ciphertext, this gobbledygook that we see in the middle there. Kirk, I'm sorry, Mr. Spock, exchanges that key with Kirk's, he's on a secure channel by the face-to-face. They're on a phone call that they believe is secure. They send an encrypted email to each other, you know, however, or maybe they do a mind-meld of some kind. But Mr. Spock, in some way, you know, says, tapping Kirk the password, the shared key for this document that I'm sending to you, this message, is USS Enterprise. Kirk then gets this encrypted message, this gobbledygook key, enters the key, USS Enterprise, and that allows him to decrypt the message and Klingon's Attack Vulcan. That is symmetric encryption where we have the same key. And if we needed to share it with three or four or 10 or 100 people, everybody has to have that same key, which is usually a password. When you're joining a wireless network, right, you're entering a key to join that network. That's a shared key that allows you to join this encrypted space where you can then work. All right, that's symmetric encryption. Now, we're going to go with asymmetric encryption, also referred to as public key encryption, sometimes also as public slash private key infrastructure, the three different things, and we're going to walk through this a little bit. So in this case, what's kind of cool about this is that you don't have to have a key that you've shared in advance. Alice, who wants to have people be able to send her encrypted information, provides a public key. This public key allows anyone who has it to encrypt information and then send it to Alice, and she can give that key to as many people as she wants because it doesn't allow them to decrypt her information unless she sends it to them with that particular key, but it allows her to decrypt anything that's been encrypted with that key, but only her. It requires both keys, essentially, in order to work. So Bob takes this message, hello, Alice. He encrypts it with Alice's public key, and then he sends the message to Alice. Now, if someone else has the public key, they cannot decrypt the message if it's been encrypted with the public key. Only the private key can decrypt messages that have been encrypted with the public key. Hopefully, everybody's still with me. So once Bob encrypts the message with Alice's public key, now only Alice, if she's the only one who has her private key, which is how it should be, she's the only one who can now decrypt that message and she can see it as, hello, Alice. And that's how public private key and that public private key infrastructure, that kind of encryption, allows you to do a lot of things that the shared key doesn't. So some differences between these two things. Symmetric requires a pre-shared key. We both have to have the same key and we both have to know what it is, and that has to be pre-shared before we start encrypting information together. It is much faster than asymmetric encryption. It's much easier. It's less complicated to use. We just share a password, and everybody kind of understands how that works. Asymmetric allows for secure communication without a pre-shared key. So I can publish that public key. Someone can encrypt that information to the public key and send it to me, and we're able to have a secure communication without having to figure out how to share a password beforehand. And we don't even have to find a private channel to share that beforehand because I can publish the public key and make it available. It can be more complicated to use. It also has another kind of need purpose which allows for digital signing, which means I, with my private key, can actually send out messages that people can read, and while I can't encrypt them, what I can do is allow people to verify them. So my private key essentially has a signature that people with the public key can use to verify that that message actually came from me. I'm not going to cover that today, but I'm going to cover the public key and the secondary benefit or ancillary benefit of the public-private key architecture. If you want to try this, I have gone ahead and put up my PGP key under my picture on our team page. If you go to Roundtable's team page, under my picture you'll see a little link for a PGP key. It'll look like a giant encrypted thing, and if you want to use CryptUp or some other system that supports what's called PGP or Pretty Good Privacy, then you can go ahead and try to send me a secure message, and if you succeed in doing so, I will be delighted to reply to it. So everybody can go ahead and try that, hopefully not right this moment, but whenever you want. And now we'll moment of truth, see if I lost everybody. Did everybody leave the webinar? I don't see that we lost everybody, so that's good. Let's throw up the poll bed. Let's see if people understand, now be honest, symmetric versus asymmetric encryption. Do people understand it better? Do you still not understand it? Do you still have no idea what I'm talking about? Do you feel like you understand it well? Let's see what people have to say here. We'll leave that open for just a couple more. Be honest, I don't want people stroking my ego here and making me feel good if I really failed at explaining that. Let's go ahead and show the results. Are you happy? I feel good. I feel like people understand it better. It's very good. What do you think, Ben? Hey, it's better. I was going to say if the third option was higher, I was going to have some real-world applications that I could talk about. Real-world examples of both options that we could talk about if needed. And we can obviously get into it in the Q&A section at the end. Absolutely. Well, thank you everybody. I wanted to explain that because I think it's an important concept to understand those differences. We promised talking about how to encrypt your devices. It's pretty easy. I did want to take a lot of time for this. Encrypt your devices, encrypting your laptop, your smartphone, or your tablet is generally as easy as toggling a switch. Then you'll be forced to create a pin or a pass key. You certainly want to make sure that you have that pass key if you attended our webinar two weeks ago. A great place to put that pass key to your manager like last pass or one password or key pass that hopefully you're now using. If not, then you'll want to keep it in whatever system you currently have for storing. And you certainly want to make sure that that pass key or pin is not something you use in other places and isn't the last four digits of your social security number or the last four digits of your phone number or your birth date or anything else that someone could find publicly. And it's pretty easy. Just a quick little piece of mind for folks. Anybody who's using an iPhone or an Android phone that requires you to enter a passcode or use your thumbprint or your biometrics to unlock the device, the phones are already encrypted. So just a piece of mind piece because it actually uses the passcode or the fingerprint in iPhone case to actually that is the actual key that Josh has been talking about. So you need to actually decrypt the phone while you use it. So just a little piece of mind. Thank you Ben. And it's really easy to turn on for computers and other things and a very good idea to do and does not harm performance at all. And if you have any questions and have you on your particular device, a simple search for your operating system or your device plus the word encrypt will find you the instructions for how to do that. Encrypt will find you instructions on how to encrypt Windows 10. Lenovo, ThinkPad, Encrypt will give you instructions on how to do that. So very easy to find that stuff. Encrypting files in the cloud. Interesting thing all of the primary vendors except for Microsoft ironically encrypt and if anyone from Microsoft is here and wants to correct me by all means, but box.org Google Drive and Dropbox they're all encrypting the data already which is pretty cool and I think a lot of people probably didn't know or didn't have that understanding. There are obviously concerns about whether Google or Dropbox or box.org or the governments, the US government can decrypt that information and generally speaking although it's hard to know the stuff for sure the general idea is that they pretty much can if you're using their encryption. But it's still keeping your data safe from people other than the actual entities where you're storing it and other than the US government for the most part. If you want to add an additional layer there's a free tool called Boxcryptor that works with all of those services that allows you to provide your own encryption before those documents go up to those platforms and come down from those platforms and that's something that you can layer on and there's a few other services that are doing this as well. I haven't talked about a lot I think I talked about in the first webinar if blind subpoenas are part of your threat model meaning your let's say a legal services organization and there's a reasonable concern that the US government might, let's say I have information in Dropbox and I'm a legal services organization and I think that one of my defendants or one or more of my defendants the US government might subpoena their information directly from Dropbox and give Dropbox a gag order basically saying you can't tell the client that we're asking for their information then encrypting that information with your own key that Dropbox does not control is a really nice way to make sure that subpoena winds up on your desk because what Dropbox will then do is give that information over in the subpoena that the information will be encrypted with the key that Dropbox doesn't have and government agency whoever's asking for that information will say hey we need this decrypted and Dropbox will say we can't do that the only person who has the key is the customer so you're going to have to go to them sorry and encryption that's the best of encryption working at its best right that's truly providing you with that privacy key success factors for encryption we're having one of these in every webinar to ensure privacy encryption must be implemented properly there's a quote from Jonathan Snowden that I didn't include here because I want to kind of slump people out but it essentially says you know encryption the encryption technology itself is out there things like signal things like box descriptor PGP pretty good privacy these are very strong and these are very good technologies that are very secure the reasons that they wind up being secure are twofold one is that the end points that they're on have some vulnerability so the macbook that you're using the encryption on or the network that you're using it from or the you know android phone using it from those all have vulnerabilities that can be exploited to get around the encryption and also encryption is often implemented poorly and inconsistently so to ensure privacy encryption must be implemented properly and must be used in a highly disciplined manner you can't allow secure information to wind up outside of the areas in which you're encrypting it because that produces a vulnerability and weaknesses in other areas if you have malware infested computers you have end points that don't have strong passwords on them you have poorly configured networks all these other things can create other vulnerabilities that can allow encryption to get by and this is why security you know especially when we're talking about protecting confidentiality of information is such a challenging thing because you're you really have to be very holistic you have to make sure that the overall security is very good it's much easier around for those of you who attended the first one integrity and availability concerns simply having backups of information having services that are highly available those are much easier to sustain but protecting confidentiality of information especially if it's information that people are motivated to get at is much more challenging some resources I have a few links there the eFF electronic frontier foundation what is encryption is a nice little walkthrough it's a bit more detailed than when I talked about also talks about some stuff that I didn't today like SSL certificate and HTTPS which is the sort of secure web things which I left out today for reasons of time Dropbox versus Google Drive encryption which is a little blog post from Virtue that's just from a couple weeks ago how secure is cloud file storage which is from I believe no I'm sorry someone else with that not a vendor and I listed a couple of encryption vendors this is not in any way an endorsement of any of these vendors although we've had good success using Virtue and I've not personally used Boxcryptor but I certainly heard people have some good experiences with that so those are some vendors and I wanted to just very quickly and then we'll get to the Q&A and we have a couple of questions lined up that I see ask people and you can go ahead and throw up the poll we had a little scheduling snappy as I mentioned at the beginning and I wanted to give the people on the webinar today a chance to tell me what topic you would attend in two weeks and I have a few options up here I'm also welcome anything coming into the chat so battling trolls which is something that I thought came up I have heard from different organizations that they're different organizations are struggling a bit with online harassment and I thought we could talk a little bit about that the one that was on the schedule for after the phishing was on the move, security on mobile device and working on wireless networks in the airport, in hotels so we could certainly just move that one up two weeks we could also do a deeper dive on threat modeling which could be fun at least for me, tactical how to on implementing two factor authentication and of course other if you want to enter things into the chat by all means and we'll leave that up just for a little bit and I'll kind of jump into questions and I'll let people continue voting here and questions here are the concerns so people go ahead and keep voting into things in the chat we'll leave that up are the concerns about subpoenas limited to the US government or can other governments use similar processes whether we're that guy or the short answer to that is I am not super familiar with international law my assumption so I would basically say to answer that question at a very fundamental level is that I don't know my assumption is that that certainly is true of some other foreign governments my best understanding is that although up until recently the UK just passed something that makes it much easier for them to do blind subpoenas Europe tends to be a bit better at protecting privacy of private individuals and businesses than the United States but that's not true of all European countries and Germany in particular is generally very good about protecting privacy of individuals as you move into obviously you know countries that are non-democratic then of course your privacy rights are vastly more limited and not only can people do blind subpoenas but they can do that without even meeting a subpoena of any kind so that's my quick answer to that question go ahead Ben the other rule of thumb generally is that if the data or the company that you have the data with whether it's email, Dropbox whatever if they are based in a country then that country can exercise their own laws because technically the property at that point exists within their own borders like Josh said the international law around this is pretty hazy at this point but in most cases for most people since you're dealing with United States vendors you're going to be subject to US laws as far as gag orders it really depends on the country as far as most folks are aware it's the United States UK Australia and New Zealand actually that typically use gag orders most and they kind of fall into a category called the Five Eyes which are countries including the United States that generally share technical and excuse me NSA type data spy data essentially between them intelligence that kind of stuff so those are generally the countries that use that but for most people using US based vendors unfortunately you will be subject to that kind of stuff so making sure that you have if that's a major concern for you and that's in your threat model like Josh said having an encryption method that the key does not exist with a vendor that would have to answer that subpoena is going to be your best way forward so thank you Ben and we can go ahead and close up the poll now and I apologize to everybody I had meant to make that a multi select I had only made it a single select so that didn't work very well but it seems like on the move security on mobile and while traveling is our winner so unless I hear otherwise in the next couple of minutes here I think that our next session today we will simply take the session that was scheduled for April 4th which was on the move move that up to March 21st and then on April 4th we'll handle gone fishing which is going to be our social engineering fishing ransomware webinar which we needed to move for a couple of just the reasons they will not bore folks with and go ahead and close that up then and we'll just leap into the Q&A and I think we've covered most of the questions if anyone has any other questions by all means I'll send them into the chat I very much appreciate everybody coming today we're going to keep running this through every two weeks until the end of May and if we have demand for additional ones we don't mind extending it so if you do have topics that you very much want covered you can reach out to me of course Joshua at roundtabletechnology.com if you send it to me encrypted with PGP I'll give it that much more attention and I think there are no more questions and we're eight minutes over so we'll go ahead and call it a day so thank you everybody so very very much for coming today and hopefully we'll see you back here in two weeks for On the Move security on mobile and while traveling