Afternoon Cyber Tea with Ann Johnson 9.16.25
Ep 114 | 9.16.25

Modernizing Cybersecurity with Matt Rowe

Transcript

Ann Johnson: Welcome to "Afternoon Cyber Tea." I am your host, Ann Johnson. On "Afternoon Cyber Tea," we focus on where innovation and security intersect. From the frontlines of digital defense, to the groundbreaking advancements shaping our digital future, we bring the latest insights, expert interviews, and captivating stories to help cyber leaders and defenders stay one step ahead. [ Music ] Today I'm excited to be joined by Matt Rowe, Chief Security Officer at Lloyds Bank. Matt has dedicated his entire career to security, beginning in the UK government before transitioning to the financial sector, where he has spent the past 14 years. As Chief Security Officer for Lloyds Banking Group, the UK's largest digital bank, Matt leads with a mission to safely go faster. Matt also serves on the board of the Cyber Defense Alliance, a not-for-profit organization that facilitates intelligence sharing amongst financial institutions, law enforcement, and security agencies, to disrupt cyber threat networks. Welcome to "Afternoon Cyber Tea," Matt.

Matt Rowe: Thanks, Ann. Really glad to be here today.

Ann Johnson: So I know that most of our listeners, and you, agree that the pace of change in cybersecurity is really accelerating. But before we dive into any specifics, I'd like to start with the big picture. We've talked a lot. I know you have a lot of great perspective. What does modernizing cybersecurity mean to you?

Matt Rowe: Oh, wow. So modernizing cybersecurity, I think it's fundamentally about constantly driving for improvement to stay ahead of the threats. The attackers, they're innovating all the time, and therefore we always need to continually work out how we stay one step ahead of them. But then, right now, there's big shifts happening around us as well. And I think that causes us to need to reinvent more fundamentally. So it's generally a big watch out in cybersecurity. It's about being complacent, never being pleased with where you are. We always need to be working out how can we reimagine, how can we get real advantage. But when we add in some of the big geopolitical shifts, the need for pace in every business that we protect, and then artificial intelligence adding in yet more pace and completely changing some of the paradigms that we operate within. I think that requires us to really modernize, to rethink how we get ready for the second half of this decade. And all of those changes also represent a lot of opportunity for us as well. So we have to take those opportunities.

Ann Johnson: Yes. I think we do. I think that our artificial intelligence from the terms of the threat actors, but also how we use artificial intelligence is going to materially change cybersecurity in the next five to 10 years. And we will certainly get to that and talk about it in more depth. But let's talk about that dramatic shift and how security is practiced. It's a pretty bold statement to say, and I've been as you have, in the industry a very long time. And it's funny, because every year, at the RSA conference or a Black Hat, we talk about it's the big year of whatever it is. But I think we are really, truly are in a fundamental shift. What are you seeing that suggests we actually already are transforming? The transformation's happening, even without us being aware.

Matt Rowe: Yes. I think that's right. I think this is a real shift. And some of the signs that we can see, we -- as a discipline now, we're getting more focused on data management and really good practice. Use of data, exploitation of data, and driving the analytics of data to ensure that we can solve bigger problems and harder problems. And when I talk about the dramatic shift in how security is practiced, if I think about where we've come from. Rightly we have focused for a long time on defense in-depth, and making sure we were never relying on one control, and if an attacker defeated a control that was in place, that we had more opportunities to stop them and to catch them. I think the other side of that coin is we perhaps created quite a lot of friction, and in terms of the mindset, we were sometimes more focused on stopping the bad thing happening than making sure the good thing happened. So from my perspective, the big shift is it's actually about moving away from friction, moving away from, like, the creation of quite a lot of busy work for our teams and our people. And because we do now have stronger data discipline, more mature data practices, we have better tools. We have the beginnings of a more coherent security model, because of some of the fantastic developments that our suppliers, including yourselves, are innovating. I think actually we can now start to see the impact that we have as humans, the work that we're doing in our teams, it's starting to move further up the value chain. So we're actually doing work that is -- it's less about proving something didn't happen. It's less about running after -- I wouldn't say low-fidelity alarm. It's less about our fulfillment, and it's more about getting into, like, proper threat hunting, identifying potential tasks, and really hardening environments proactively, before an attacker might have understood what their opportunity is.

Ann Johnson: I think that's right. I think we've been a -- as an industry, we've been good at being reactive. I think that we have to be much better about being proactive, and I don't want anyone to be confused. So what I mean is, offensive security. I don't think most corporations are really going to be great about offensive security. I think that's probably still a good government function. But I do think that corporations need to be better about being much more proactive about how we think about cybersecurity and how we think about hunting and identifying the actors, so it's not just about building defenses. It's about catching things before they get to your defense, right?

Matt Rowe: Exactly. Yes. I completely agree.

Ann Johnson: So technology is just one of the levers when we talk about transformation. And also we talk about technology a little bit too much. But it's not just about all the shiny new tools that are available to us. We at Microsoft, I know, talk about culture change. It's a foundational change. As we think about tools and technologies, can you also talk a little bit about humans, but also what tools and technologies do we currently either undervalue or overvalue, or we just aren't using properly or not using the full capabilities?

Matt Rowe: Yes. I think this is a great thing to explore. I've mentioned a few times already data. And I do believe that data architecture, lifecycle data management, and really modern data practices, that those are improving, but they can be even stronger disciplines in cybersecurity. So I think that they're undervalued. We're starting to tune into them, and I do think that's the thing that's going to really unlock even more capability and modernization in how cybersecurity gets done. And actually I think that brings a bit of interdisciplinary approach where we want more folks who are from a pure data background to work in our field, be they data engineers, data scientists, just to help us solve some of those big problems, and help us exploit the opportunities that are presented by artificial intelligence and other modern analytics paradigms. And then the other one is, from my perspective, identity is a capability -- and we talk about this a lot, it's the foundation of the security model -- many large incumbent organizations may have got into a bit of a pattern of regarding -- I don't see access really as a compliance thing. You do some things because you always have. You do some things because you have to. And I think there's a big opportunity to reset, refocus on identity being right at the heart of our modern security model, and really therefore dial up the focus on that. I think the last thing I'll say on this is going back to your question, I do believe a profound mindset shift is required, and I expect we'll explore that a little bit more. But for cybersecurity folks to increasingly think of our field as an interdisciplinary field does require us to lift our heads up and tune into things left and right of our traditional field to a great extent.

Ann Johnson: I've spent some time with you, and I always love the way you think, because you are thinking about security is not just the folks sitting in the corner in the back room. It's actually integral to the business, and you drive that, I know, within Lloyds. And I want to talk -- I want to pull the thread just for a second about both identity and data, and I'll do it in that order. From an identity perspective, I've always said that we're reasonably decent as an industry, not perfect but reasonably decent, in imagining human identities. We understand them, we know what tools we need to deploy. We may not be there yet, right? Maturing might not be there, but we have a decent understanding. We are not good as an industry at managing things like machine identities, certificate identities, and now we're going to be challenged with agent identities, or agentic, right? So I think that one of the big lifts the industry is going to have to make, because it's what we see threat actors abusing a lot, is non-human identities. So you can categorize that as a device, anything you want, but anything that isn't truly a human being, I do believe that's going to be a fundamental change, and we just have to get materially better about it pretty quickly. The other thing is my dear friend John Lambert always says that we think in lists, attackers think in graphs. And security truly is a big data problem. And I know you understand that. You're one of the people globally, and all the people I talk to that probably understands it the best, that security is a big data problem, and if you can get your team, right, to understand the need to really sift through that data, we were talking -- I'll just use one anecdote from Microsoft -- we were talking recently about event logging. And being able to be really crisp in telling customers what you need to log is a big topic of conversation.
And I said yes, that's all true, but actually what's more important is what events in the log are important? Because you can log a lot of stuff. But it costs a lot of money to log, as you know. So what events are actually going to make the difference between having a secure environment, and that means you have to be really good at data.

Matt Rowe: One hundred percent. You said all of that far better than I could have done. And I couldn't agree more. And this is the thing, so I think everybody in cybersecurity today needs to understand these concepts are right in the middle of how we get this stuff done.

Ann Johnson: Which brings us to -- and you knew it was coming -- to artificial intelligence and automation. They're everywhere in the security conversation. But they really are not just buzzwords anymore, right? They are going to fundamentally reshape the way we operate, because if we become a data-focused industry, which we need to be, then we also have to understand how to sift that data, how to get intelligence out of that data, and how to automate a lot of the mundane work I would say that the security teams do today. So can you talk a little bit about how you were thinking about AI and automation, not just in detection, but also in your decision-making and the day-to-day operations of your team?

Matt Rowe: Yes. I will absolutely do that. And everything that you mentioned before, these represent the foundations to get to a modernized security program. So what do we anticipate will come? So we've done a great job of ensuring that we can manage human and machine identity, that we're really great at managing data and exploiting data. Then when we get into the exploitation of artificial intelligence and particularly agentic AI, what we anticipate will happen is a lot of the busy work that has occupied our teams and our people, that is going to get solved by agents. And that's a really good thing, because that is busy work, and it has actually constrained people. It's limited them from fulfilling their potential, it's actually kept them away from the things that humans are good at, and it's been frustrating, fiddly, time-consuming work. So we can solve that with agentic AI on the period in front of us. And that will mean that the human time is increasingly focused on doing more valuable things. So if today we have people who are spending a lot of time investigating say, a low-fidelity alarm, or we need to prove that something in fact did not happen, and that can be done end-to-end by an agent. And that same person, they are able to do more for hunting, attack path analysis, more proactive work to understand what is a potential thing that could happen in our environment? And to really get in front of that. Because if you can identify attack paths in your environment proactively, you can take steps to harden your environment, to interdict the attack path for the preventative control, or to build an analytic to fire if a certain step is taken by an attacker. Before the attack is even understood, that attack path might exist. So that is the big prize in front of us. And I think then if you fast forward from there, the thing that is starting to emerge I think is the convergence of what you might call pre-breach and post-breach. 
Pre-breach being all the stuff on prevention: hygiene, posture; post-breach being all the stuff about how, like, an alarm's fired, something suspicious has happened. I'm going to investigate something and do some maybe containment activity. So in the future, if we're actually spending a lot more of our time the value chain, you can envision a world where actually I might get coached by AI to spend my next hour or my next day doing the most valuable thing I could do. But if a high-fidelity true alarm's fired, I'm going to go and do that work first [inaudible 00:13:34]. But if there hasn't been an alarm of that profile fired, and the agent's looking after the low-fidelity stuff, and in fact, I might go and do some hunting. I might actually go and take a step to harden something. And I think that's a tremendously exciting opportunity. It's a really big shift from where we are today, but effectively, if I'm always in a position to do the most valuable thing with my next hour, that's going to massively improve the security profile of my organization.

Ann Johnson: I love that. Because if you all the way back to SolarWinds, right, one of the things we learned during SolarWinds, which we probably all should have known, but it was one of those awakenings is that the threat actors understand how we do security. They understand how we monitor; they understand how we do response. They understand our playbooks. And one of the things they were really elegant in abusing was low-fi and informational alerts. Understanding the tooling well enough to only fire low-fi and informational alerts, which a lot of security teams either ignore or they don't get to quickly, right? And when you could have agents looking over those when you see a bunch of low-fi or informational alerts, and it's at a velocity and there's a cadence of them, giving an agent that ability really frees up your humans, but you may find something that's really compelling in there. If we had all been a little better at that during that attack, it may not have been as meaningful an attack for the industry, right? And it just is a new skill we need to learn. Matt, you'll appreciate, I was actually setting up two agents. I was inspired by my chief of staff, who tells me he has three agents working for him now. So I was setting up two agents yesterday. One of them to help me, like, summarize my calendar and my action items and help me prioritize. And one of them -- I do a lot of writing -- one of them to help me with writing, right? Generate ideas or just making sure that my writing is somewhat coherent. But as I thought about them, I thought about them from a cybersecurity lens, right? What are the privacy? What data do I want them to access? Ooh, how can they enhance? And I think that every time your organization is thinking about agents, you need to think about it from privacy and cybersecurity, but also productivity. And we can just make such a big step change in cyber if we just leverage them that way.

Matt Rowe: I completely agree. I completely agree. I just want to go back to your prior point as well. And the thing is when we do this work as humans, almost like -- it brings out the worst in us. Because we see the same thing 100 times in a row.

Ann Johnson: Yes.

Matt Rowe: We actually become bad at pattern recognition. The first 99 times, it actually was a nothing, so the 100th time, we assume it's a nothing. And in fact, it's a something.

Ann Johnson: Yes.

Matt Rowe: Well, the AI is actually predispositioned to identify the really subtle differences, and then give it to us to do some work on, because it's spotted that no, this one is a bit different, and needs some more attention. And I just think that's all upside in terms of the way that we spend our time as humans.

Ann Johnson: Yes. I agree. But that means we have to change fundamentally or upskill our teams, and I just want to spend a few minutes talking about that, because our teams are going to need new skill sets. A lot of our teams -- and I'll just historically came say, from the security side, right? There's a lot of network security folks in the cyber industry. And they bring great skills. But they don't necessarily bring great data skills. They don't necessarily know how to leverage AI. So can you talk a little bit about -- and I'm going to combine two questions and let you talk -- talk about what new skill sets you think the security teams are going to need, and then how are you going to upskill them? What is your plan at Lloyds Bank to actually make that shift?

Matt Rowe: Yes. Well, there's a lot in here, and yes, people are right at the heart of this, of course. I'll talk about it in terms of skill sets and mindsets. So we need to broaden our skills in our program, and also we need to get people thinking about the mindset that's needed for the future that we've described. And we've talked already a bit about interdisciplinary approach. So we definitely need to bring in skills that we've been a bit lighter on in the past. We talked already about data, but software engineering, and also infrastructure engineering. People with really strong dev ops practices, and people used to doing everything as code, and basically using pipelines to drive their work every day is something that we're dialing up. Then we talk about the security side of it, I would take a few that artificial intelligence is likely to become, like, the security generalist. And therefore, whilst our people will need to understand the entire security model, understand the Lloyds Banking Group security model and how it all works together. We will expect people over time to build deeper specialisms, to be real experts in a part of security, because everything we've talked about, that's going to allow us to get further into the problem, a set that we have bigger problems solving, problems almost more ambitiously. And that does therefore require us to have more expertise, and frankly be more ambitious in terms of the things that we're going after. And yet at the same time, our uniquely human attributes on the one hand, like, judgment, critical thinking, to at the other end, creativity and empathy. I think these things are going to come to the fore to an even greater extent. It's interesting, you mentioned offensive cyber security earlier. And I agree with you. And yet if you go really far out, and you think through to five years in front of us, might we have the opportunity to be a bit more adversarial.
I'm not necessarily here talking about offensive security, I'm talking about if we're a bit creative using our human creativity, we can start to think about well, if an attacker did get two or three steps in, how might we distract them? How might we burn their time, frustrate them, take them down a blind alley? And think about our security model in a more adversarial way, which is, like, where we can deploy some of our human creativity and our understanding of our own environments to do that. Then just to answer the final part of your question, in terms of what we're doing about it, so it's really all about experiential learning and trying to get as many people as possible hands-on using these new tools, taking them for a spin, experimenting, and learning as we do so. We try and put as many of our people as possible through competitions to make it fun and a bit competitive with different, like, levels of difficulty of problems. And then we also are just like having the conversation about the characteristics that will need to be, during in the future to succeed and a really big part of that is growth mindset, is about how do I develop expertise and stay humble about the things I don't yet know. So I always want to keep adding things. Those are the main things.

Ann Johnson: I love that. I also love the fact that obviously we preach and hopefully practice the growth mindset here. And I was telling my 24-year-old, who's going to go emerge into the world soon, right, and bring all her wisdom. And I used the old phrase that you'll appreciate, I said, you don't know what you don't know. Just remember that, right? I think at 24 -- I remember when I was 24, I thought I knew everything. So [laughs] as I pack her off into the world, like, there's a whole big world out there that you're going to learn, and some of it's going to be hard, and some of it's going to be easy. And I think the same thing is true in cyber. You have folks like me that have been doing it over 25 years, and there are days when I get a little complacent. And then I'm like, nope. History's changing. You need to turn that growth mindset back on, and you need to learn from folks from all aspects, and even the newer folks coming in who are looking at problems a little bit differently. So I love that you talked about that. Well, let's talk about the foundations for the future, right? The future doesn't just happen, and we can't let the future happen to us, right? And I love by the way, you're talking about how we honeypot or frustrate the adversary. It does become a little more offensive, but we're not actually launching attacks against them. So I think that's a good way to frame the offensive steps that corporations can take today. But how are you laying the foundations for that, right? How are you saying here's how you said move faster safely, how are you doing that?

Matt Rowe: Yes. And the thing that you said at the beginning of this question is absolutely critical. This does not happen by itself. The fact that the developments in technology give us an opportunity to completely change how security gets done, that doesn't mean it just will. We have to take a set of really deliberate steps, and it's hard work. So some of the stuff that we're doing at the beginning to lay the foundations, it's a lot about simplifying our security model. And we talked a lot about data and identity already, but then when we think about even when we protect our organization, sometimes our security tooling landscape is too heterogeneous. And we're really working hard all the time to work out what is a more elegant way of getting things done to really drive the hygiene factors. And then the second thing I talk about is frankly just like, in terms of laying the foundations, jumping in, experimenting with some of the new capabilities, just to start to explore the art of the possible, and just to build that familiarity so we're effectively doing a bunch of experimentation and coming back to doing some big thinking to work out how these things will actually be part of our strategy, our approach, and our security model into the future. And we won't get it right all the time. So actually having the conditions for fast, safe experimentation at this moment is really critical. And then the other thing I would say as we build out the foundations for this is we can never just stop doing a great job of security. So quite a lot of building for the future is happening in parallel. We'll run our existing capabilities, and then start to build out the next generation alongside, get confident, get mature, and then pivot across. So that's another key thing in terms of building strong foundations.

Ann Johnson: Yes. And I know it's a cliche, but we often say we're building the plane as we're flying it, right, because that is what we do every day in cyber. We're building new capabilities, but we also have to keep the organization secure. The other thing about modernization is it's also about resilience, and your predecessor handed me -- I can't remember the year, let's say it was 2017 -- the Bank of England's operational resilience document that they had recently written at that time. And it was one of the best things that I read, because it actually changed my mindset of how I thought about cybersecurity, right? And then when we had attacks like NotPetya and WannaCry, we actually learned a lot about resilience. So how do you think about resilience now in this modern model, and how do you think about resilience being more dynamic and more agile?

Matt Rowe: Yes. Oh and shout-out to Sharon, my predecessor. She's a fantastic leader, and yes, she got a point there. The thinking done by the UK regulators was really aggressive with lots of input from participants in the sector. And I think where we go next, because of that good work that's been done over the last half a decade or so is we actually can think even more ambitiously about the entire UK system. So what we are aiming to do now is broaden out to think about all of the critical participants in our supply chain, and then to think about the smaller parts of our ecosystem, and what role we can have as large organizations in helping everybody to become more resilient. So I think about this in two ways now in terms of more resilient, but also more agile in terms of the cyber threats that we face. With the big participants, it's much more about capability-building, peer-to-peer capability building, less about just sharing intelligence and all of that good collaboration has built trust. But now we can think about actually the fundamental capabilities, and how we share our thinking and share our workings and grow together in that sense. And then with the smaller participants, it's like what are the things that we can actually break out and give us a leg up to the whole sector that can be consumed more readily. And those are things that I think they're still in front of us, but we're having a conversation now, which is frankly a lot more ambitious as a result of the work that we've done over many years.

Ann Johnson: Which is great. I think Lloyds has been on the front foot for a long time, and you're accelerating that and taking it to the next place. So I always learn from -- I learned a lot from Sharon, I learn every time I talk to you, so I appreciate that. Let's get tactical for a second. What do your peers, what do security leaders, need to prepare? What do they need to do next and also what do they need to stop doing? Right? What is the things that you see that look, this is kind of -- I don't want to go as far as saying it's a waste of time, but you would be more effective if you started doing this, and did less of this.

Matt Rowe: Yes. This is a great topic. So I think we need to recognize the moment we're in. So going right back to the beginning of this conversation, the geopolitical shifts, the need for pace in every single business, and then the advent of generative AI and agentic AI. That means that we have to pay attention to the moment we're in. And I think there's a need to go back to first principles. If we started again today with a blank sheet of paper, what would we do? It's one of those moments, I believe, where incrementing from what we've built over the last 20 years, and many organizations won't be sufficient. If we started again with a blank sheet of paper, what could we do? And I think that actually unlocks a lot of the art of the possible. The opportunity to really go after some of the new frontier of technology. And then other side of that, the thing to stop doing is to probably be less emotionally attached to some of the stuff we've built out. We are humans; we are emotionally attached to all of the things that we've done in the past, experiences that we've had and the blood, sweat, and tears. But I think we have to be a bit more dispassionate, and really, like, be in that mindset of okay, the things that got us here, they're not the same things that will get us there. So we have to reset on some of that, and some of it just like regard us for the past. I think we need to stop to talk to our teams, the people on our teams, about the shifts that are emerging, just to empower them about the fact that actually we do have agency. We can see that these shifts are happening. So they're not happening to us. We've got agency; we've got control over the way that we navigate these changes. And then I think that does allow us to get into conversations about skills, skill set and mindset for the future. What are the things that people need to add? And what are the things that people need to start to practice in terms of how we think about problem-solving?

Ann Johnson: I think that's all right, and I want to thank you. I want to thank you for sharing your wisdom. We'll get there in one second, because one of the most important things about "Afternoon Cyber Tea" is I consider it an optimistic podcast, and I consider myself a cyber optimist. Yes, we have a lot of problems, but you and I both know that what you see in the news is minuscule compared to what we've actually effectively defended against. So we actually as an industry have a lot to be optimistic about. And I'd love to hear what you're optimistic about.

Matt Rowe: Yes. And as you know, me too. I am very much a cyber optimist. And I always appreciate at the end of your podcast that you frame it in this way. And there are a couple of things I'd say. Like everything that we've talked about in this conversation, it won't be easy. It won't happen by itself. We're going to have to take some deliberate steps. And sometimes it's going to be deliberately painful, the transformation that's in front of us, because it's such a big shift. But on the other side of that, in terms of the reasons to be optimistic, I do see a future where we're going to be even further into solving some of the big problems. Problems that we never got to before, because we were just dealing with the crocodile nearest the canoe. Well, actually some of that stuff is going to be out a way. So we can get into bigger, more fundamental problems. And I believe that is going to allow us as people, as humans, to have even more impact, to get more fulfillment from our work, and to do an even better job of the core mission of cybersecurity, which is to protect our organizations and protect the society that our organizations serve. And that has to be a reason to be optimistic, because we're going to be doing more fulfilling work and achieving the mission even more effectively.

Ann Johnson: I really appreciate that, and by the way, I've officially stolen "crocodile nearest the canoe," because that's just an amazing expression. My team is going to hear it a lot, so [laughs]. Because you do, you get so focused on the thing that's immediately in front of you, and you miss, like, the forest and trees analogy, right? Matt, I want to thank you for joining -- not only did you give deep, practical advice, but I'll tell you the other bit of wisdom I tried to impart to my child is, your ability to effectively communicate is something that's probably going to take you furthest in the world. And you're a brilliant communicator. So thank you so much for taking the time. Thank you so much for sharing the wisdom and communicating it in a really consumable manner.

Matt Rowe: You're too kind. And thank you so much, Ann. It's been brilliant to catch up with you.

Ann Johnson: And many thanks to our audience for tuning in. Join us next time on "Afternoon Cyber Tea." [ Music ] So I invited Matt Rowe who is the Chief Security Officer at Lloyds in the UK to join me because he's just a brilliant strategist when it comes to cybersecurity. He has deep, practical advice, but he's also a gifted storyteller. So when you listen to the podcast, what he says is incredibly consumable. It's things that you can operationalize in your own environment. And it helps change the way you think, because Matt's always thinking from a very strategic lens. So it's a great episode, and I'm sure you'll enjoy it. [ Music ]