The Retail & Hospitality ISAC Podcast 2.22.23
Ep 22 | 2.22.23

National Retail Federation, Intel Briefing, and 2023 Events Kick-off

Transcript

Luke Vander Linden: Hello, everyone. This is Luke Vander Linden, vice president of membership and marketing at the Retail & Hospitality ISAC. And this is the "RH-ISAC Podcast." It's been a couple of months since I last hosted the "RH-ISAC Podcast." And things have changed a bit around here. Let me explain. And I'll start by giving you a brief history of our little show. We launched, let's say, a year and a half ago as a members-only podcast. It was hosted on our own platforms behind a login. Only RH-ISAC members could listen. Quickly, though, we thought, if we're going to go to the effort of putting this together twice a month, let's make it public - not really for the general public, of course, but for cybersecurity professionals from the sectors we serve, retail, hospitality, really any consumer-facing business. Because, as I tell people often, we're not just the ISAC of our members but of the entire sector.

Luke Vander Linden: So over the course of the last year, we really started picking up steam, gaining - in TV, you say eyeballs, so I guess in podcasting, you say eardrums - either way, very encouraging growth in listeners over that time. As it turns out, it caught the ear of the production team at CyberWire, which hosts a big network of cybersecurity podcasts, I think the most listened-to ones on the internet. They reached out and proposed that they bring our podcast into their network. We could benefit from their distribution and production expertise. And we could focus on the content. Fast forward to today, and here we are. This episode marks our debut on the CyberWire network. And we're very excited to be a part of it. As part of that launch, I got to sit down with Dave Bittner for today's episode of the "CyberWire Daily." Here's a quick clip of some of what we talked about. 

Dave Bittner: It strikes me that, you know, members of some of the other ISACs could benefit from listening as well, just to, you know, pick up some of the techniques that you all are using there with your own organization. 

Luke Vander Linden: Yeah, I think so. I think there's a certain amount of similarity, although, you know, some of the other big ISACs, like Financial Services ISAC or health or aviation - and we'll crossover with them from time to time. So I think there is a certain amount of similarity. But absolutely, you know, any cybersecurity professional, I think, could really benefit from our podcast, but frankly, your network of podcasts as well. 

Luke Vander Linden: If you're new to the "RH-ISAC Podcast," we are the podcast for retail and hospitality cybersecurity professionals, CISOs, analysts and other practitioners. We focus on content about the latest challenges, opportunities and best practices unique to cybersecurity specifically in the retail and hospitality industries. Our plan is to bring on CISOs from our core members, other players in the cybersecurity space and also introduce my colleagues, fellow employees of the RH-ISAC, to talk about some of the things they're working on. And believe me, I have never worked with a more talented group of people. By the way, all of our past episodes are available via the CyberWire network. Just go to thecyberwire.com or anywhere your favorite highest-quality podcasts are hosted online. 

Luke Vander Linden: In today's episode, we're going to start with one of my favorite colleagues at the RH-ISAC, the woman who runs the show, our president, Suzie Squier. This will be the first of hopefully many segments we're calling Suzie Plus One. She and I will sit down and chat with a special guest. Today's Suzie's plus-one is Christian Beckner, vice president of retail technology and cybersecurity at the National Retail Federation, aka the NRF. One of the things we'll talk about is our new partnership aimed at offering greater intelligence sharing to strengthen the retail industry. Christian will also give us a rundown on some forthcoming policy developments that will impact us all. We'll welcome back Lee Clark, cyberthreat intelligence analyst at the RH-ISAC, who will present the briefing, our monthly segment summarizing the latest cybersecurity threats facing the retail and hospitality industry. 

Luke Vander Linden: And finally, I will be joined by Alexandra Brown, events director at the RH-ISAC, and we'll chat about some upcoming professional development programs and in-person collaboration opportunities that retail and hospitality cybersecurity practitioners can take advantage of. By the way, if you like what you hear or don't like what you hear or have a suggestion for something you want to hear, just let us know at podcast@rhisac.org. That's podcast@rhisac.org. 

Luke Vander Linden: So let's get started. Suzie Squier, thank you for joining us in the studio today. 

Suzie Squier: Thank you for having me. 

Luke Vander Linden: And we also welcome your plus-one. Who did you bring with you? 

Suzie Squier: Yeah, Christian Beckner, the vice president of retail technology and cybersecurity for the National Retail Federation, who's been a good friend of ours for a number of years - so happy to bring him along for this conversation. 

Luke Vander Linden: Christian, that's quite the title. What does it mean? What do you do all day? 

Christian Beckner: So I have a few different things. So I have a - serve of a dual-hatted role at NRF. I work with our member CIOs, CTOs and CISOs on councils that they have that NRF manages - and so a lot of engagement around best practices and, you know, trying to get them to work more collaboratively together - but then also working on cyber and technology policy issues for NRF as part of our government relations team. 

Luke Vander Linden: Excellent. So you know, the three of us spent some time together at the NRF Big Show at the Javits Center in New York last month. It was an intimate gathering, I'd say, of, really, all the world's major retailers and some not-so-major ones. Christian, how many people ended up passing through the gates? 

Christian Beckner: We were excited to have over 35,000 people at the Big Show again this year. So it was great for the first time in three years to really have a big Big Show and be back to the levels that we had prior to the COVID pandemic. 

Luke Vander Linden: Yeah, wow. It was my first time there. It was truly a big show. You know, I was expecting more of, like, a merchandise kind of showcase. But there were a lot of technology vendors there. 

Christian Beckner: No, I mean, it really is a technology show. If you look at the expo floor, more than half the companies are technology companies. And so it really shows you the extent to which, you know, retail is being driven by technology - everything, you know, in the distribution center, in the store, all the e-commerce enabling technologies. There's - you know, as our CEO said, this used to be a retail show. It's now a technology show and a retail show. 

Luke Vander Linden: Yeah, absolutely. So Suzie and I were your guests at the big show - thank you very much - because we, the RH-ISAC and the NRF, entered into, I think, a pretty exciting partnership. Christian, you came to us with the idea for this partnership in an email sent from a plane on the way back from our Cyber Intelligence Summit in Plano, Texas, last fall. Why don't you give us a little background and history of what you had in mind? 

Christian Beckner: Sure. So - and a lot of this is, you know, thinking about how we can best serve our members and the retail industry overall, you know, and defining the retail industry broadly, sort of encompassing the other sectors that you work with, including hospitality. So, you know, so really, you know, I mean, our key goal as a trade association is to help our members in any way we can, whether it's on Capitol Hill, whether it's sort of, you know, in the boardroom, in - at our events in a variety of forums. And, you know, and thinking about sort of, you know, what we do well and what the RH-ISAC does well, it made sense to look at, were there opportunities to be, you know, more collaborative? Were there opportunities to be more, you know, streamlined in some of the things we were doing around threat intelligence and, in doing so, deliver sort of additional value to our members by being more collaborative? 

Christian Beckner: So I think that based upon those principles, we worked, you know, over the past - through the fall to sort of figure out a way to define, you know, new ways to be more collaborative with the goal of growing both organizations in terms of engagement and - you know, and getting, you know - delivering additional value to our members in the ways that we're best at. 

Luke Vander Linden: And, Suzie, we were pretty excited when we got that email. 

Suzie Squier: Oh, yeah. I mean, Christian and I have had great conversations over the years. And they have such a deep bench when it comes to all advocacy for the retail industry but in particular - in our particular area with cybersecurity, dealing with, you know, regulatory issues and legislative issues. And, you know, it makes sense. We were very happy to get that email from Christian and to continue to have the conversations because it just - to Christian's point, it just allows both of us to play to our strengths and to best serve both of our members and the sectors as a whole. 

Christian Beckner: Yeah, and I think another, you know, key factor here is with some of the broader policy and regulatory changes, cybersecurity has become a concern much more beyond the CISO level and the information security team over the past few years within our retail members and in the industry at large. So if you think about the new - you know, the incoming requirements from the SEC for - with respect to board of directors governance over cybersecurity, when you think about other new regulatory activities by a variety of agencies, you know, all of these are - if you think about cyber insurance coverage and the requirements that companies or cyber insurers are requiring to maintain coverage or even get coverage in the first place, all of these things are driving much more attention to cybersecurity in the C-suite, among the general counsels, the CFOs, the CEOs, the boards of directors. So I think that's where - one opportunity to strengthen how we work together and sort of help the CISOs who we both work with to be better and able to sort of work as strategic leaders and engaging with their senior-level business partners. 

Luke Vander Linden: Right. 

Suzie Squier: That's a good point. And to what Christian was saying earlier about the big show and to what you just said with their business partners, it's - there's so much. And retail moves so quickly and innovates, and they've got to be up to speed and be able to talk to not only their peers but the C-suite and the board on all of these important issues that you were just raising, Christian. 

Luke Vander Linden: So Christian, we're going to get to be your guests at another event coming up in a couple months, right? 

Christian Beckner: Yeah. We have NRF Protect, which is our broader security event that we have in the middle of the year. It's this year in June 5 to 7 in Dallas, Texas. So this is our event that brings together loss prevention, asset protection professionals together with fraud prevention professionals together with cybersecurity professionals - sort of a total retail security risk focus for - but with breakout content for each of the groups. And we're excited that, you know, Suzie and, you know, the RH-ISAC team are going to be, you know, curating one of the sessions there, you know, as part of this broader partnership that we put together. 

Luke Vander Linden: Yeah, it's a great opportunity as the definition of cybersecurity keeps merging with other types of asset protection and things, which is important. Suzie, how else do you see us working together with the NRF in the future? 

Suzie Squier: Well, I mean, I'm relying on Christian and his team to keep us well-informed as to all of the things that are going on because there is a lot. And that's not our focus what's going on on the Hill or, you know, in the States. And it's a big issue. And we can't wait to pull Christian into conversations at our upcoming CISO forum, where he's going to be. And maybe we can have a segment there, so - excited about that. At our summit, they'll be speaking, have a breakout session as well. So - and then just the ongoing conversation between us and engaging our members with Christian and his members and - you know, just to keep us all well-versed on this important issue. So... 

Luke Vander Linden: So Christian, the NRF has a lot of subgroups and councils, kind of like our working groups. You invited us at the big show to the IT Security Council meeting, which, by the way, was absolutely terrific. You had some great speakers lined up. You spoke on policy, board relations. You even got some folks from the new White House Office of the National Cyber Director. Hopefully, we'll be able to drop your name and get some of them on our podcast. But tell us a little bit about what the IT Security Council does. 

Christian Beckner: So the IT Security Council is NRF's council for CISOs and other senior-level cybersecurity professionals. NRF set it up back in 2014 about - I think around the same time that the RH-ISAC was created - initially, then, as the RS-ISc (ph). And, you know, this is our - you know, our sort of member group for - you know, so if your company is a member of NRF, you know, you can - if you're the CISO or the VP for information security or whatever that title may be, you and then, for some of the bigger companies, you know, a couple of your - the senior members of your team can join that group. 

Christian Beckner: And the focus over the years has really been around - you know, initially around sort of just building the network, you know, when this was sort of a more nascent issue for retailers, you know, just trying to connect with your peers to figure out what you should be doing. I think as retail overall has matured and teams have grown, you know, more demand for, you know, activities around, you know, benchmarking, you know, discussions around sort of current challenges and, you know, and thinking about - you know, just having that sort of broader peer network to bounce ideas off of and - you know, whether it's from workforce issues to a specific technical issue that you're working through. So - yeah, so it's - that group is around 250 people. A hundred and fifty companies, you know, participate in terms of having members of it. So I think, you know, with this new partnership, we also have opportunities to - you know, when we're doing some of these benchmarking surveys or working on other types of thought leadership or research to work together and do joint surveys and joint benchmarking projects, and I think - looking forward to opportunities for that in the coming months as well. 

Suzie Squier: Yeah. And, you know, NRF has a strong workforce program - correct me if I'm wrong, Christian, but, yeah, and I think that's, like, a key area that I think we could partner together and, you know, do some things together in that space since it's such a big issue for information security teams. 

Christian Beckner: Yeah. I mean, one of the things we had at the big show early on - like, two days before the show started - was the NRF Student Program. So we had, you know, close to a thousand student - college students who were interested in working in retail come to that. And, you know, that's something where our foundation has been working to get more of a technology focus as one of its priority areas. So, you know, as part of that, getting - you know, for college students who are focused on cybersecurity thinking about, you know, retail as an area of opportunity instead of just thinking about sort of, you know, other sectors that might sort of, you know, come more immediately to mind for sort of entry-level cybersecurity opportunities. 

Luke Vander Linden: Right. So Christian, you and Suzie have both talked about NRF's strengths in policy. What are - let's dig in. What are some of the policy issues that our members and listeners should be concerned about right now that you're working on? 

Christian Beckner: So, I mean, we cover the waterfront in terms of the policy issues that we address. I mean, we're - you know, everything from supply chain issues to labor issues to tax issues to privacy issues. You know, I think relevant to this audience on cybersecurity policy, we're tracking a number of things right now, everything from, as I mentioned earlier, the forthcoming SEC cybersecurity rule to the implementation of the new cyber incident disclosure requirements from a law that was passed last year that CISA is working to implement. We're also very active on the privacy issues, both at the federal level, the state level and at the international level. So - you know, and those issues are in many cases very related to cybersecurity issues. And I know a number of the retail CISOs also have dual-hatted responsibilities - the chief privacy officer, or they're responsible for implementing any new privacy requirement if the - that overall responsibility is more on the legal side. So, you know, privacy is an issue where you have had some, you know, pretty active work at federal legislation in the last part of 2022. And we're looking - we expect that - you know, even in a divided Congress, that this is one issue where there will be a lot of attention and legislation moving forward in the coming months. 

Luke Vander Linden: Which would be very welcome since this is such a hodgepodge of privacy laws around the country. Be good to have something unified, right? 

Christian Beckner: It would. And the challenge is to sort of do this in a way that sort of, you know, makes sure that you have the risk - the responsibility commensurate with sort of the actual risk and - that is out there. So we have different perspectives on different proposals and are making sure that retail has a seat at the table in those negotiations with - where you also have some of the larger technology companies and other industries participating as well. 

Luke Vander Linden: Well, Suzie, thank you very much for bringing Christian to the podcast as your plus-one today. Any final words from either of you, or how to get in touch if they want to - anybody who wants to get involved? 

Christian Beckner: Yeah. I mean, I would say, you know, reach out to me at becknerc@nrf.com. I'm happy to, you know, respond directly to emails. Or go to nrf.com and, you know, look up what we're doing around cybersecurity, and happy to have those discussions. 

Suzie Squier: And suzie.squier@rhisac.org - love to get any and all emails from folks, so let us know what you're interested in, and we'll bring it up. 

Luke Vander Linden: Excellent. Well, thank you both again for joining us. Next up, we'll be joined by Lee Clark, cyber threat intel analyst here at the RH-ISAC. He will summarize the latest cybersecurity threats facing the retail and hospitality industry in a monthly segment we call the briefing. 

Lee Clark: Hello, dear listeners. This is Lee Clark, the CTI writer and analyst with the RH-ISAC. I'm here with a monthly briefing on what we've been seeing in the cyber threat landscape. The first thing I want to go into for our purposes here is a little bit of a change we're doing with our reporting here at the RH-ISAC intel team. We recently adopted the TLP 2.0 standards. So as of January 4 of this year, all products and briefings from the RH-ISAC will follow the new Traffic Light Protocol - that's TLP - 2.0 standards. TLP 2.0 comes with two distinct changes. The first is a new version of the Amber category. That's going to be TLP:AMBER+STRICT, which indicates that information can only be shared within a recipient's organization. TLP:AMBER now indicates that information can be shared with a recipient's organization and with its clients on a need-to-know basis. The second change to TLP under the 2.0 standards is that TLP:WHITE is now replaced with TLP:CLEAR to indicate the content can be shared with the general public. The 2.0 also includes more detailed definition of some of the TLP categories and guidelines for sharing across TLP levels. This podcast will be TLP:CLEAR for you. 

Lee Clark: So if we get into some of the interesting things we've seen over the course of the past month - right? - if we start working our way back to the present - right? - the first one that we've got is an update to the Prilex point-of-sale malware, right? Prilex is probably one of the most prolific and sophisticated point-of-sale-focused malwares that's out there. It's been active since at least 2014, mostly seen targeting retail organizations in Latin America, but it has been reported on several occasions targeting physical locations in the continental United States. 

Lee Clark: There's a new update to the POS malware that's got what looks like at least three new variants, which include a new capability to block contactless payment transactions. So what that looks like is whenever a user attempts to use their card in a contactless way on an infected POS device, the malware will actually detect that that's happening, and they will block that transaction going through. This is in an attempt to get the victim to plug their card into the POS device manually so the malware can steal the information on the card. 

Lee Clark: Earlier in the year, there were some updates to the malware as well, including the ability to conduct fraudulent ghost transactions using cryptograms generated by the payment cards during the payment process. So what this kind of shows us is that the POS malware landscape is evolving actively and that the threat actors who are leveraging specific targeted custom malware to target organizations using POS devices are really sophisticated and really dedicated to making sure that they are on top of emerging technology and security trends and trying to circumvent them. 

Lee Clark: If we move along, we've also seen developments in the past few months on the ransomware side of the house, right? So ransomware remains one of the leading threats to all organizations, including the organizations we serve here at the RH-ISAC in the retail, hospitality, transportation, food industries. All of those industries are regularly in the top 10 industries targeted in ransomware attacks, right? So earlier this year, a new ransomware was reported by Trend Micro researchers. They've named it Mimic. And they've been observing this since at least June of last year, and it's been targeting English and Russian users, right? According to the researchers, the campaign is delivering executables that drop a lot of binaries and archives containing their final payload. 

Lee Clark: But the key distinguishing feature of Mimic is that it's using Everything APIs. Everything is a Windows filename search engine that's known for quick real-time updates and minimal resource usage. So it's a pretty helpful little tool. Mimic uses the APIs inside Everything to speed up its encryption process by searching for high-value or necessary files and encrypting those first. So even if an organization's excellent response was able to stop the ransomware attack in progress, they would have still at least caused some damage, despite being stopped, if that were to happen. 

Lee Clark: Moving right along, this gets us up to more recently - today, right? Proofpoint researchers last week put out a really interesting technical deep dive report into multiple phishing campaigns that they have investigated that appear to be targeting large organizations in multiple industries in the U.S. and Germany. They've attributed this activity to TA866, which they assess is a new threat group with a high degree of technical sophistication and is also well resourced. It looks like the group is primarily financially motivated, and these campaigns are currently active and have been so since at least October of last year. And what's interesting about these campaigns is they are dropping four specific tools using malicious URLs contained inside Publisher files, right? 

Lee Clark: So if we talk about those four tools really quickly, the first one is WasabiSeed, which is a simple VBS downloader which repeatedly uses Windows Installer to connect to the command and control server. 

Lee Clark: The second is Screenshotter, which is a utility with a single function that takes screenshots of user's desktops and sends it to the command and control server for threat actors to assess what actions a victim is taking on their machine. 

Lee Clark: The third is the AHK Bot, which was only delivered in instances where threat actors found interesting content on victim devices within the screenshots stolen by Screenshotter. According to reports, AHK Bot is a collection of separate AutoHotkey scripts. Many of them share the same hardcoded command and control address and use the same C: drive serial in the URL path. 

Lee Clark: And the final tool being distributed is the Rhadamanthys Stealer, which includes several functions, including stealing crypto wallets, stealing Steam account credentials, stealing passwords out of browsers, stealing chat clients, email clients, even VPN configurations, cookies and grab files. 

Lee Clark: This campaign appears to be pretty prolific and pretty recent and ongoing, so it's worth noting that it's targeting multiple organizations and multiple industries, including the ones we serve here at the RH-ISAC. And with that, that covers a lot of what we've been seeing for the past month. 

Luke Vander Linden: Wow. Thank you, Lee. It's always good to have you on the podcast. And wow, there's a lot for our members and retailers to be dealing with right now. Especially, that POS stuff is interesting because it's kind of another demonstration of the convergence between cybersecurity and physical security as well. One thing I wanted to ask - I've seen a lot of chatter on - about this Microsoft OneNote vulnerability. Seems like such an innocuous and simple program application that most folks wouldn't really pay attention to it and would trust anything they'd get from it. But it seems to be a vector for some malware, right? 

Lee Clark: Yeah. So this is an interesting point to highlight the adaptability of threat actors to changes in the security landscape. So what's been happening over the course of the last year is Microsoft's been making any number of changes to the way that their products handle certain technical features that have been traditional vectors for attack. One of the common ones is they disabled macros recently, right? That was the big one in the news. Macros were a threat actor's bread and butter for malicious attachments, right? The thing that's primarily making OneNote newly attractive is a lot of the protections that Microsoft has been enacting are not necessarily enabled for OneNote documents. OneNote documents were patched pretty quietly recently to sort of give a decrease to the potential for abuse, but they're not entirely safe from it. 

Lee Clark: And the reason we're seeing such an explosion in OneNote abuse by threat actors both within the ISAC community, reported as being observed and halted by members, as well as an open source being reported out in the news, is because it's easy. It's a good, new vector - well, it's not new. It's a good vector that is still open and easy and works, right? Phishing remains - consistently, every quarter - the top threat vector by which threat actors attempt to deliver malware to organizations in the RH-ISAC core industries - right? - because it works. And attaching OneNote documents continues to increase in attractiveness because there are still vulnerabilities, such as a lack of Mark-of-the-Web detection that haven't been fully patched and fully realized. So that's why we're seeing that huge spike right now. 

Luke Vander Linden: Right. So until these are patched, security awareness, security awareness, security awareness, since these are the individuals that are the ones who are being targeted with these attacks. So - Lee. 

Lee Clark: Well, this is a great point as well, Luke, because, like, we always say security awareness, right? We say security awareness as a key differentiator for defensive programs. And at this point, when we say it, it almost comes off as flippant because it seems so basic. 

Luke Vander Linden: Right. 

Lee Clark: It's - most organizations already have something like this, and it's not a satisfying answer, right? It's not a new, fancy, exciting, expensive gadget that you can implement into your environment. It's a training program. But the interesting thing here is even though we all know about it, even though we're all bored to death by the training modules that we have to sit through and the videos and little quizzes that we have to take... 

Luke Vander Linden: Right. 

Lee Clark: ...Statistically, they work. That's the thing. Statistically, these training modules and these security awareness programs work. You see marked increases in the threat landscape literacy of employees who have no cyber background after they take these training modules, right? Someone who has no technical aspect to their job all of a sudden knows what to look for in phishing messages, and they know not to click on them. So as basic and as tedious as these security awareness exercises can be, we know for a fact that they work. 

Luke Vander Linden: They work. Yep. Excellent. Thank you very much, Lee. I appreciate you coming on and look forward to talking to you again next month, if not sooner. 

Lee Clark: Thank you, Luke. Always great to get a chance to talk to the membership. 

Luke Vander Linden: Alex, it's great to see you. You've been a very, very busy woman so far this year. 

Alex Brown: Luke, great to see you. Thanks for having me. 

Luke Vander Linden: So tell us more about what you do at the RH-ISAC and what you've been working on. What's been keeping you so busy? 

Alex Brown: Yeah, absolutely. Hello, everyone. I'm Alex Brown. I'm the director of events here at the RH-ISAC. My role is to help bring the RH-ISAC community together through our portfolio of event offerings, which includes networking events and happy hours and educational programs, like regional workshops, CISO events like roundtables and forums and a summit that we host annually. We're kicking things off this year with the Regional Workshop series, and in fact, our first regional workshop took place last week. So these are one-day programs with an agenda that includes both presentations and networking time. As the name indicates, each workshop is designated to welcome folks from different regions of the U.S. and abroad to help build relationships in these smaller group settings. 

Alex Brown: Each workshop is hosted by an RH-ISAC member company, and we anticipate between 30 or 40 attendees at each event. So as far as the agenda goes, we kick things off with welcome remarks from our team and the host member company, and then we go through an icebreaker game so attendees can introduce themselves. The agenda flows into member-delivered presentations on high-priority topics, interactive discussions on topics like security operations and tradecraft, presentation from the RH-ISAC intelligence team and a briefing from subject matter experts provided by our workshop sponsor. We will have a light continental-style breakfast along with complimentary catered lunch and a happy hour available for all attendees. 

Alex Brown: For our workshop last week, the program was hosted by PetSmart and took place in Phoenix, Ariz. PetSmart delivered a presentation on their journey to automation. American Express Global Business Travel talked about using deception technology to enhance threat detection. S3 Security helped attendees rethink vulnerability management. And the RH-ISAC team went over our sharing and engagement ecosystem, including highlights from our recently released CISO and practitioner benchmark. 

Luke Vander Linden: Wow. That is a packed agenda both for the Phoenix one, and if the other ones are similar, you're really going to need that happy hour afterwards to decompress after everything. So, you know, I started working here about two years ago, right smack in the middle of COVID. You've been here a little longer than that, I think, right? So all I knew when I started is that we had a pretty good schedule of virtual events, like everyone did during those dark, dark days of COVID. But last year, we got to get out in the world again. And I'm in the position to talk to our members a lot. And let me tell you, they loved being able to see each other and collaborate and network in person. What aspects of the regional workshops do you think are the most compelling or exciting? 

Alex Brown: For me, these programs are a really great way to keep the community engaged at this regional level, and it's a pleasure to see relationships grow among members in real time and in person. I really enjoyed the open-format sessions, like the interactive discussions and the open forums, where attendees have the floor to ask questions to one another and discuss shared challenges and pain points out in the open. It's nice to see folks open up in that informal way and just talk about what's top of mind to them at that very moment. 

Luke Vander Linden: Excellent. So let's look at the schedule coming up. Scheduling last year was tough 'cause we were in person for some of them last year. And it was tough because we were kind of at the whim of the companies - as you said, our members host them - we're at the whim of the companies who are allowing outsiders into their offices. That wasn't a problem this year. So where are we going to have these events this year? 

Alex Brown: We will be having our events all across the U.S. and globally as well. So as I said, our first regional event kicks off in Phoenix, Ariz., at PetSmart. We'll then be going to Atlanta, Ga., for IHG Hotels on March 14. And on March 29, will be in Piscataway, N.J., for the Colgate-Palmolive workshop. We will be also going to Barcelona for the Nestle program, and Natura & Co, which is going to take place in London. We'll close out the series with our workshop hosted by Expedia in Seattle, Wash. 

Luke Vander Linden: That's excellent. And, you know, I know that we cover a huge swath of the U.S., as you described, but I'm very happy to see that we're expanding beyond our shores. And I know not all the details are worked out yet 'cause it is a bit more complicated as we head outside of the U.S. But how do you think those European ones are going to differ from the ones in the United States? 

Alex Brown: Great question. We are really excited to be bringing these regional workshops to both Barcelona, like I said, hosted by Nestle, and London, hosted by Natura & Co. It'll be in the early - or in the spring or early summer of this year. The main differences that you'll see with these programs is that they'll have a little bit different timing. We're hoping that we'll be reaching a broader audience, both the tactical and strategic audience within the cybersecurity community. So you'll see, for instance, in Barcelona, there will be a two-day program that begins midday and then ends the following afternoon. And then for both of the programs, we'll have built-in breakout session time blocks so that we can have conversations with the tactical analyst folks and then also the more strategic audience simultaneously. And aside from those areas, the mission of the workshop really remains the same as those that we're hosting in the U.S. Our goal is to bring small groups of retail and hospitality cybersecurity practitioners together to engage with, network and learn from one another in an informal setting. 

Luke Vander Linden: That's excellent. So someone listening - they may be a member; they may work at a retail company that isn't a member - can they come to a workshop? Who's eligible to attend? 

Alex Brown: Yeah, absolutely. So our workshops are open to both member and nonmember retail and hospitality cybersecurity practitioners only. 

Luke Vander Linden: And what should attendees do to prepare? 

Alex Brown: I love this question. So I'd say the best way to prepare as an attendee is to come ready to share thoughts and challenges and have an open mind when engaging throughout the day. These programs, by and large, are full-day - 9 a.m. to 4 p.m. - events, with a celebratory happy hour that follows the day. So we encourage all attendees to set their out-of-office notifications up, let their co-workers know that they will be away from the office all day. And then when they're at the program, they should try to get to know new faces and names and enjoy the presentations that have been thoughtfully prepared by their peers. 

Luke Vander Linden: Excellent. So I guess the final logical question is, where can people who are interested find out more about the series, and how can they register? 

Alex Brown: Anyone interested in learning more about the workshops should visit rhisac.org/events to see our entire calendar of upcoming programs. From there, you can click into the workshop of your choosing and register for the day. 

Luke Vander Linden: Excellent. Alex Brown, thank you very much for joining us on the "RH-ISAC Podcast." Looking forward to seeing you again soon. 

Alex Brown: Thanks, Luke. Have a good day. 

Luke Vander Linden: And that's a wrap for the first episode of the "RH-ISAC Podcast" that's part of the CyberWire Network. Thank you to our guests, Suzie Squier, Christian Beckner, Lee Clark and Alex Brown. And a special thank you to our expanded production team for getting us going. For the RH-ISAC, Annie Chambliss and Marisa Troscianecki. And for CyberWire, senior producer is Jennifer Eiben, theme song and lots of advice on how to sound better from Elliott Peltzman and mixing by Tre Hester. Send us your thoughts - good, bad and ugly - to podcast@rhisac.org. We'll have a new episode wherever you get your favorite highest-quality podcasts in about two weeks. In the meantime, stay safe out there.