mnemonic security podcast

Canaries and Deception Technology

mnemonic

Why did the security industry stop talking about deception technology? And why should we start paying attention again?

In this episode, Robby is joined by Andy Smith, CEO and Co-Founder of Tracebit, to discuss the evolution of deception technology and its role in modern security.

Andy explains how organisations can deploy canaries, honey tokens and other deceptive resources in their environments to generate high-fidelity alerts when attackers move laterally, escalate privileges or attempt to access credentials and sensitive data. These alerts are designed to be both simple and highly reliable: if someone touches a fake resource, something suspicious is happening.

The conversation explores modern deception techniques, what these look like when customers deploy them in their SOCs, how realistic decoys can be customised for different environments and the next generation of deception technology.

Speaker

From our headquarters in Oslo, Norway, and on behalf of our host, Robby Peralta, welcome to the mnemonic security podcast.

Speaker 3

We all love a good SIEM project. Collect some logs, normalize the data, tune the alerts, reduce the noise, and do it all again with the next environment. Now compare that to a canary. You place a fake credential, bucket, secret, or session token where no one should touch it. And the moment someone does, you know something is wrong. No tuning, no baseline, just a high fidelity signal. And in some environments, that might be the only signal that you can realistically get. CI/CD pipelines, cloud accounts, appliances that barely log. Environments where sending everything to the SIEM is just too expensive or simply not possible. So if deception gives you cheap, fast, high confidence visibility, why did the industry stop talking about it? And why should you maybe start looking at it again?

Andy Smith

I'd say the spark that started Tracebit was my previous role. I led the engineering team, and I was also at times like the de facto CISO for an email security company called Tessian. They got sort of Proofpoint a few years ago. Um, and it was there basically in that role as thinking about security of the organization. I wanted to do deception. So I was thinking about how we could detect threat actors that got into our environment, how we would do that. And because of like the large, sprawling, ever-changing nature of our environment, uh, the idea of deploying some like tripwires effectively around that environment to detect intrusions seemed like a good idea. Long story short, we looked at the market, nothing really made sense for this kind of large, ever-evolving cloud environment. Um, we looked to build something ourselves in-house, realized to do that would take actually way too many resources that we couldn't justify. Um, so we shelved the project. And I can't really share the details, but we were unfortunately hit by an incident. It's actually a supply chain attack that led us to deeply regret not investing in deception. Um, we realized that if we had done, we'd have caught something maybe six months before we we wouldn't have done. Fortunately, there was not a significant impact to the business, but that was kind of the spark really that started Tracebit. Myself and my co-founder were both deeply involved in that incident, and we kind of saw the opportunity that that deploying some deception in the environment would have would have saved us, basically.

Robby Peralta

Do you think that what incident would have been any different if you actually had deception in place? 100%.

Andy Smith

Yeah, so so um again, I don't want to go on don't want to go into too much detail, but when we when we dug into it, the the the deception we wanted to deploy would have been hit on day one of this this incident, and we didn't actually pick up signals till months later.

Robby Peralta

Would you mind explaining you said tripwires, uh canaries, I've heard, I've heard honeypots as well, and I know there's a difference there. What is deception?

Andy Smith

Yeah, for sure. Um so deception technology has has many different definitions, and it can be quite confusing. I mean, fundamentally, the idea is to create artificial resources somewhere inside your environment, could be inside the perimeter, outside the perimeter, to deceive attackers in one way or another. People do this to seek when they seek different outcomes. Some are seeking to produce threat intelligence to understand more about the threat actors are how are how they're attacking them. That's when you'll often hear like the word honeypot used. So this is where you might put a honeypot on the internet and you might associate it with your organization and you know, see who's going after you and what they're trying to do. And that would produce threat intelligence. What we focus on at TraceBit is more on the tripwire side of things. And that's where you hear terms like canaries or honey tokens or these sorts of things. And they would often be deployed inside the perimeter. And that the goal is high fidelity detections. But ultimately, they're they're fake resources that should never be interacted with by a threat actor. So it could be in a cloud environment, you might have an S3 bucket that should never be read. And if someone goes and reads it, you would jump on that signal because it likely indicates there's some compromise or some insider risk.

Robby Peralta

Would you mind going into some of those artificial resources and what they actually are? You mentioned AW or an A or S3 bucket you said.

Andy Smith

Yeah, yeah, for sure. Um, yeah. So I mean the kind of classic way of doing this was uh virtual servers or network-based canaries. So you might have an SSH server or you might have a web server or a telnet server even, and you might be seeing who logs into those. Um the kind of approach we've taken that is a little bit different from these more traditional ways of doing things is leveraging like serverless resources in cloud environments. The reason we've done that is one, that is how threat actors are traversing through these environments. You know, they're generally not getting access to a network and running Nmap and then trying to get into a server. They're generally getting access to some credentials and then trying to move laterally or escalate privilege by jumping around. It could be roles or secrets or buckets or things like that in those environments. So, what we would canary, as we call it, would create deceptive resources for would be things like an S3 bucket or a Secrets Manager secret in AWS, an IAM role. We do a ton of different things in a ton of different cloud environments, but it's it's the serverless resources. And the other benefit of that, as well as in being like how the attack paths actually look in environments, is they're actually very low cost and low maintenance. So it's basically financially untenable for any of our customers to deploy uh network honeypot into every virtual network they have in their system. They could have thousands of virtual networks, servers cost money to deploy. It's not really feasible to do that. But if you compare that to like an S3 bucket, which is basically free to deploy, you could deploy thousands and thousands of these without incurring a financial cost. And then also the cloud providers are maintaining these for you. You know, you're not patching your S3 bucket. So the actual risk and operational overhead of deploying these is also very low.

Robby Peralta

Interesting. I was gonna ask you, how did you go about choosing those artifacts? Was it because of incidents that are going on? That's probably a little bit of that, and also because they are you also had to balance that with like the keep the operational overhead low.

Andy Smith

Exactly. So so yeah, of course, we're we're always gonna focus on you know, where are the like the juicy parts of an attack path that the attackers are after going after? So, like reading public threat reports, speaking to customers, that's like part of it, and popular resources as well, right? It's it's no good, it's no good as building a product around a resource that is very, very rare in environments. We we're shooting for that realism. And actually, it's surprising. We actually have you know six resources we do in AWS, and we're constantly hearing from customers like, actually, those are the ones I'm I'm worried about, like by and large. So that's part of it. Like, are these actually used in attack paths? And then, yeah, the other part is like the operational overhead, but also the risk, right? So the other benefit of an S3 bucket is it's many, as an example, is it's in many ways benign. You know, if a threat actor gets full access to that and uh you know they're able to do whatever they want with it, they don't have remote code execution. They can't like leverage that as a foothold and then pivot around the network from there. Uh, compare that to a server, there's actually quite a lot of risk with deploying a server in an environment, right? If I exploit your honeypot server, it's like it's like an own goal that a lot of security teams don't really want to take that risk on. So the operational overhead and the the low risk is very much a big part of it as well.

Robby Peralta

Do customers want different things? Do they ever ask you to make you know canaries for them that you didn't make before?

Andy Smith

So part of what we do with the platform is like customizing these canaries. So we will scan our customer environments and we're gonna like we're gonna take the naming configuration for the resources we we deploy. So it's gonna look similar. Um worth saying as well, actually, that the nice thing about that is it's quite hard to fingerprint these these things. You know, like uh an IAM role, let's use a different example, in a in an AWS account, only has a handful of properties to it that an attacker can see before they actually start interacting with it. So it's actually quite easy to make these blend in with the rest of the environment. Again, compared to a server, which is going to be fingerprintable over TCP. So that gets us very far with customers, just like making the resources named in a similar way and configured in a similar way. Where we want to get to is like imagine a world where you plug some threat intelligence into Claude or Codex, and you say, Hey, I want some deception in my environment if for this threat actor. Uh and you know, you plug into Tracebit and we can deploy like nested canaries and deception around your organization, both on the out external perimeter and internal perimeter to detect and deceive that specific threat actor. That's not where we are today. We deploy lots of canaries at scale for for good coverage, uh, but that's where we want to go with the platform.

Robby Peralta

I understand the internal case. What's the external case?

Andy Smith

So historically, the external case has been, to my point earlier, around threat intelligence. So putting pieces of honeypot, yeah, the research. Yeah, exactly. Um we have this feature we're launching soon called perimeter canaries, where you could point some public facing infrastructure at Tracebit. So imagine vpn.customer.com points to us. Now, obviously, it's not it's not super useful for us to tell you someone scanned vpn.customer.com because that's going to be happening all day, every day. It's not actionable. You know, what are you gonna do with that? Your security team's already really busy, you know, they don't they don't need more information. It's not that's not super useful. But what if you placed a cookie on every single one of your users' workstations that referenced vpn.customer.com with a with a unique cookie. Well, now if a threat actor gets into that one of those workstations and they dump the cookies in an attempt to like move laterally, you know, or run an info stealer as is often the way, that's gonna be like really high up on their list of targets. Because they think they're they're gonna think they've got the VPN access. It's gonna make it look really believable and really legitimate. And then you know, you can imagine the future like customizing that to specific instance you've had or specific like things that are being targeted in your industry.

Robby Peralta

Yeah, cool. So I had an episode four years ago about deception. I called it deception. Yeah. Uh as with Illusive. Okay. And then a couple, it mightn't have been that long before that. I had one on uh honeypots. But I haven't seen the adoption take off in in our neck of the woods, right? Uh in Europe. Why is that and what's changed?

Andy Smith

Yeah, uh, it's it's absolutely not taken off. And I think, you know, if you look at the history of this, you can see there was a lot of venture capital excitement in in deception, maybe eight to ten years ago, and that's where companies like Illusive came out of. Uh, there were there were a bunch of them, and there was a lot of excitement. And I think I hear stories that if you went to RSA 10 years ago, like the expo floor was full of like deception technology as far as the eye could see. Uh, and you're right, like, you know, you speak to a CISO, and there's probably, I would say there's a 90% chance they're familiar with deception and see some value in it. I'd say there's a 5% chance they've actually deployed it today, like from our experience. Um, I think that past wave of technologies from the folks we speak to that that bought and deployed them, they suffered a lot from some of the challenges I've already touched on around the heavyweight nature of deploying like virtual machines. And some of these technologies you actually shipped to a physical rack you had to go deploy into your data center. And then these things are expensive to deploy, right? You want to deploy like hundreds of servers. There's actually like a significant financial cost to deploy them. And then again, there's uh an operational overhead. The other challenge that I understand from folks who deployed these is that that like maintenance and management of them. So they often gave you some really nice building blocks to go and deploy deception in your environment, but they they left you to it. Like you had to go and go and figure out where to where to put all of this all of this stuff. Um, and because it was in the data center and it was an on-prem network, it was quite a lot of work to go and do that. 
We think it's different this time because like the cloud, you know, teams have aligned behind certain technologies, like Terraform is one of those, Kubernetes is another one, which allow for like the rapid scale of infrastructure around your environments. That infrastructure is lightweight, it's easy, easy to deploy. The other unlock for us uh has been LLMs. So we are using LLMs to create suggestions to customer environments. So when we started the company three years ago, they weren't that great. We did things like look to prefixes and suffixes for our naming schemes and things like that, but they've obviously come on leaps and bounds. So we will actually take metadata from customers' environments and we'll use that to say, hey, you know, create me sets of resources that are attractive to would-be attackers, that are benign to would-be attackers, create all these different resources and make them look realistic and tell a realistic story for this environment. And the security teams we show this stuff to are like, wow, like, you know, I wouldn't have even thought about that. Or I forgot we even did that project, but it'll be great to have a canary over there. So that that time save is a big part of it because security teams are usually the most busy people in the company. And the idea of spending three weeks to go and come up with some great deception is just not really feasible. Then, not least, if you think about maintaining that in the long run, right? Because your environment's going to change in six months from now. So six months, six months down the line, are you really gonna put in like another couple of weeks to go and move the deception around and reconfigure it? But if you automate that from day one and you use LLMs to create believable looking deception, that's where we think there's a lot of value.

Robby Peralta

SOC, Security Operations Center. I'm assuming all your customers today are probably large and mature. And we can get back to whether we need to be. We can get back to that. Yeah, whether you need to be not. Yeah, we talked about this before. Yeah. But the ones that do have it today, what does it look like when they have deployed this technology in their current SOC? Like how does that coexist?

Andy Smith

Yeah, so it's it's fairly straightforward. We'll we'll usually be working with the SOC often. The SOC will buy Tracebit. Obviously, it depends from customer to customer. But fundamentally, we are feeding these alerts into their SIEM. Uh and then the SOC team is taking those, it's they're augmenting them with other data in their environment, and then they're responding to those alerts. So it's it's relatively relatively simple.

Robby Peralta

If you know everybody has a limited budget, if you had to take something out to put this in, make the make the case for you know spending 500k on Tracebit then and 500k on something else. Yeah.

Andy Smith

Yeah. Um, I think there's we we have worked with customers on use cases around SIEM usage. And you know, we've we've heard from them, hey, I'm I'm not even doing anything with this SIEM data, it's way too noisy. I'm getting I'm getting too many alerts off it already. Uh certainly other tools like GuardDuty and things like that, like there's just no value in it. But I don't want to turn it off because that would leave me with zero visibility in that environment. So in some cases, there's a billion the ability to do that. I think the other interesting use case is when teams are wasting time on false positives. And again, they're in that state where they either put time into tuning them out, they turn them off. That's that's too much risk. There's there's a time-saving piece there where you know you can you can take a set of false positives and say, let's let's just turn these off because they're they're creating too much noise for us and we have comfort that we've augmented this, you know, we've we've replaced this with the visibility Tracebit's given us into that environment.

Robby Peralta

So cheap visibility and no matter what, better than nothing. Yep. Yeah.

Andy Smith

Yeah, yeah, 100%. We go into environments where there just isn't that much telemetry. CI/CD environments are a really good example of this, where what what logs do you have from those environments, especially if you're running that in in GitHub or CircleCI or places like that? Like, do you do you really have that much visibility of what's going on in those environments? Like, this is a quick win to get something in there very, very early that's going to give you that high fidelity signal if something is compromised, that environment.

Robby Peralta

As we're speaking right now, there's probably a supply chain attack going on. I have no doubt. Yeah, we'll open our phones after this and read about it.

Andy Smith

I'm sure.

Robby Peralta

Knock on the table. Yeah. Uh how would you, your technology, any deceptive technology sort of fit in that use case?

Andy Smith

Yeah, so so we we we did some research recently that we that we published with this, where um the the team PCP attacks that are very friendly for a lot of folks at the moment, one of the things they did was steal AWS keys and SSH keys from environments. And that's one of the ways that they that they spread. So very concretely, we ran some of that, those info stealers within some GitHub Actions, and we were able to show that these would these would take these these keys from these environments. So Tracebit would detect when those keys were being used. One of the nice things that we do is we generate unique keys for every single build that runs in an environment. So like the scale is a big, a big important part of it. And what that means is when Tracebit goes off, you can actually jump to the exact build that this occurred in. So we met folks who've like built this themselves. They put a single AWS key in a Git repo that hundreds of developers have access to, and it pings one day from a funny IP address. And you fundamentally don't actually end up doing anything with that alert. You know, you know something bad has happened, but you don't even have the data or the telemetry to go and figure out where that bad thing has has occurred. Um, whereas when Tracebit goes off in an environment where like, hey, it was this build, you know, the the credential existed, you know, in the context for like 10 minutes. Like you need to go and investigate this right now. And obviously, if a lot more light up, then you know you'll have a you'll have a big impact.

Robby Peralta

What about the other top initial access? Uh I mean, thinking of like, yeah, Mandiant would say that uh appliances getting popped are the uh the largest or info stealers, uh phishing. Do you uh do you have use cases for all those sort of yeah?

Andy Smith

So we do we do a lot on on workstations. So deploying deploying credentials onto workstations is a big one. I've mentioned this the session cookie piece that we're we're working on at the moment that I think is going to be gonna be really, really powerful. Um yeah, appliances I think is another really good example. Um we don't have like a ton of uh active deployments there, but I think credentials on appliances is super powerful. You don't have, you know, these they are often so underpowered you can't create logs or ingest those logs into your SIEM. But it's pretty trivial to go have like a cron, go deploy a uh a unique credential every every 24 hours. And if someone got onto that system, that's gonna look like a really attractive opportunity to move laterally. So that's the sort of detection we would make.

Robby Peralta

Forgot his name, Caleb Sima. Caleb? Yes. He's fantastic. I don't know him, unfortunately. But uh he was on the cloud security podcast, I believe it was. Um, also a fantastic podcast. He said that it was surprising to him that companies don't invest that they go for like a big expensive SOC as a reactive capability instead of going for something like your technology. Yep. I would assume that you would agree and like him saying that. Yeah, I thought it was really interesting. Uh because I I I share his viewpoint.

Andy Smith

We really do see this as a as a quick win that you can do early on. Um, by deploying deception previously, this was going to be something that was actually gonna create a bit of a workload for the team just to keep the thing like valuable. Whereas now it's automated, now this is something you can just plug and play. I I, incredibly biased, do think, you know, why not just do this like on day one of your security program? Like the idea that the time to value on deploying a SIEM, right? I'm talking like super early on. Like the time to value on deploying a SIEM. We speak to teams, you know, you come back six months later and they're still integrating this data source and that data source, they're still tuning. Like they could have had some super high fidelity detections across like a broad set of their environments within weeks if they deployed some deception in that environment. So I I think that like it is it is a massive quick win, but I'm obviously very biased.

Robby Peralta

Yeah, SIEM is a never-ending project, as uh we both know. Uh LLMs. Yes. What are your thoughts around LLMs and deception?

Andy Smith

Yeah, I think there's I think there's like two key parts to this. Like one is offensive AI agents. Um we've actually done our own research on on this. Uh so we we created like a cloud lab and we we tested this out and we had an environment where they could get to basically root in in 14 minutes. Um, so I think I think LLMs for any security team right now, specifically offensive AI agents, you know, mean that attackers are gonna run much quicker through their environments. I also think they're just gonna have a broader set of techniques that they're gonna have available to them to get into those those environments. So, so for us, that means you want those high fidelity signals as soon as humanly possible. Um, and our tests show that that Tracebit canaries like play a really good role in that. So the the the data we've we've produced and we've we published this show that we can make these detections of these offensive AI agents, like eight minutes into their their path to to domain admin. I I want to get that that number down. Uh, and I think there's there's all sorts of work we can we can do there. But I really think that, yeah, it's it's it's obvious that this is going to get um more and more serious over time. When the open weight models you know get this, get that good, which is probably six months away, we're gonna be in a really interesting situation. Um the other the other piece worth touching on uh that we do see in customer environments is like the internal AI agents. So you know, customers are are deploying these. Uh sometimes they're allowed to, sometimes it's it's shadow AI, you know, to do their to do their job. Um and what we're finding with deception is actually proving is quite a valuable detection for when those internal authorized AI agents like overstep the mark. So we've had examples in customer environments where the security team were surprised to find an AI agent you know make it all the way to a production canary. 
Uh and turns out, you know, an engineer was saying yes, yes, yes, yes, yes. And that's been a really useful uh detection for the security team to have that they otherwise wouldn't really have had any visibility of.

Robby Peralta

So there's an insider use case here, not necessarily a human being or malicious insider, or but but it does cover both.

Andy Smith

We we cover both, and yeah, I've we've not really touched on that, but like folks will like buy Tracebit, usually for the outside in, the the external threat actor, and we'll provide value there, of course. But those um those detections, you know, are fortunately in most customer environments relatively rare, right? No, you're not getting popped every week. But the insider, you know, the someone who's it's it's not even insider risk, it's sometimes risky insider. You know, it's uh it's non malicious intent. Someone's trying to do their job, but maybe they've strayed into an environment they should have, maybe they're they've gone off a pro off a process they they shouldn't be following, and you know, they they end up setting off a canary. And those are often signals that the SIEM isn't tuned to detect and you know the security tool isn't set up to detect, but can often be the smoking gun for a security team that allows them to get a process fixed, you know, get some training improved, you know, get some um get some like guardrails tightened up and reduce risk for the business.

Robby Peralta

Maybe uh sort of far out there, but has anybody ever used your technology for incident response use case?

Andy Smith

Uh it's something we have uh have explored with a few folks. But yeah, I think it's I think it's a super interesting use case, you know, when you you know someone is in the system and like proactively deploying that out. Just slow them down, right? Slow them down, confuse them, uh, detect them in places you you're you might not have telemetry for. Uh yeah, it's it's something we're exploring. It's not something we actively do with a product today.

Robby Peralta

What was that study that we talked about in the elevator on the way up here?

Andy Smith

Uh the Tularosa study. Yeah, tell us that. Yeah, so the Tularosa study was um they took a couple hundred pen testers and it was kind of a test with a quadrant. So uh somewhere they were told there was deception and somewhere they were not told there was deception, and somewhere there um there was deception, and somewhere there wasn't deception. So that that was a quadrant, and that and they were trying to test out, you know, if you tell people there's deception in an environment and there isn't, like, does it change their behavior? Uh and if you put deception in environment and the and you don't tell people about it, does it does it change the behavior? Can you make detections? And yeah, the the the long and the short of it is they found that even the understanding or perception that deception was in an environment did change behavior and made folks less likely to reach their goal. And to the point earlier around the research we've been doing, we found that the same is true for for AI agents in environments. So I think it was Opus specifically. We found when you we ran this through our cloud lab, if you told Opus there was deception in the environment, its likelihood of reaching admin went from 20% to 3%, just because it believed canaries were there and it was trying to avoid them or taking steps to not get detected.

Robby Peralta

I feel like it was one of your podcasts you had with uh the guy from Riot where you said uh where one you guys talk together and and you arrived at the conclusion that if everybody moves to deception, it'll be a cat and mouse game as security always is, and the attackers will change. So in five years, if Tracebit is super successful and everybody's using deception, what does the world look like then? What are the attackers gonna do differently?

Andy Smith

Yeah, it's a great question. I mean, and I think that's that is the case where we would make the case that like partnering with a vendor makes a lot of sense because you know you want someone, someone actively developing this. Because even if you went and did your own automation and set that up and did a really good job of it, so it does evolve automatically, you know, you're not gonna be inventing new resource types, you're not gonna be plugging different pieces together, you're not gonna be like building support for more systems over time, you're gonna build one piece. Uh, so for us, that's why it's really important uh to be constantly evolving the platform and adding new features. Um, and that's also why we're really excited about this like AI range that we've we've set up, because we can constantly iterate AI agents against these against these environments, and as they get better, um, we can detect that and we can evolve the product and platform to get better at detecting them.

Robby Peralta

Is there ever like a case where you have so many canaries inside of an environment that like even that the attacker has to just and they just move on and they give up?

Andy Smith

Yeah, yeah. It's um so I think Kelly Shortridge from Fastly wrote about this uh in an article called Sludge for Good. And she made the case that you know you could do 95%, 99% uh deception or canaries versus uh 1% real resources. That is not something we've explored so far, to be honest with you. Uh I think uh you know our focus really is you know ease of deployment for us is also about not getting away in the way of your software engineers who you know are busy people and and you know don't want uh a ton of resources in their way. I I do see scope for that in the future for sure as something customers could opt into.

Robby Peralta

Because if there were that many resources, how would it be in their way?

Andy Smith

Yeah. Uh from a software engineer's point of view, yeah. Well, imagine you're logging into a cloud environment and you know you're debugging a production issue at three o'clock in the morning and you're trying to find the real resource that is that is broken, and there's 10,000 canaries in there that you know you have to scroll through or page through. Yeah, so it's you know very valuable if you're a threat actor. It's gonna be basically impossible for you to find the real resource without setting it off. But that could create some friction if you are uh you know a DevOps engineer responding to an incident.

Robby Peralta

Yeah, and that's what's been kind of holding deception back, if I understood you correctly, is the operationalization of it.

Andy Smith

The operational holding deception back is the opera opera line opera what's been holding the overhead for sure. Um but I would say that like that sludge idea is is maybe just taking things to the to the extreme, which I don't think is a bad idea. I just think it's it's something you would not want to put in every single environment. Yeah, for sure. Because like humans are operating in some of those environments.

Robby Peralta

Yeah. Do you have any final thoughts or anything that we did not cover that you think is worth mentioning to enlighten security?

Andy Smith

No, I think um honestly, I think if you've if you've been intrigued by what you've heard, I would I'd really go sign up to our community edition. Uh something you can go and protect your your home PC with with deception right now, uh, and and your email and your password manager and other pieces like that. So I think that's a great place to start. Uh if you'd like to know more, you can you can book a demo on our website. Cool. Andy Smith, thank you so much for your time. Thank you much. We appreciate it. Thanks a lot.

Robby Peralta

Well, that's all for today, folks. Thank you for tuning in to the Mnemonic Security Podcast. If you have any concepts or ideas that you'd like us to discuss on future episodes, please feel free to hit me up on LinkedIn or to send us a mail to podcast at mnemonic.no. Thank you for listening, and we'll see you next time.