The Retail & Hospitality ISAC Podcast 5.15.24
Ep 50 | 5.15.24

Target’s Philosophy on Sharing & What’s Next for RH-ISAC


Luke Vander Linden: This is Luke Vander Linden, vice president of membership of the Retail and Hospitality Information Sharing and Access Center, and this is the "RH-ISAC" podcast. [ Music ] No joke, I was just perusing our list of past episodes, and I realized this is our 50th episode. Yes! The first one was back in February of 2022, covering that year's CISO benchmark report. Good stuff. So I tried to do a quick count. I think we've had 78 member employees on the show. That's 78 employees representative from our member companies, about a dozen of our staff members, and also about a dozen guests from industry partners and the government sector. That's a pretty cool run. And this episode is no exception. You're going to love this. I will be joined by none other than Target CISO Rich Agostino. And if that isn't enough, he'll be followed by RH-ISAC president, the one, the only, Suzie Squier. A big day for the "RH-ISAC" podcast, and a big day for me. These two need no introduction, so I will not waste any more time. I will say this one more thing, though. If your company is not yet a member of the RH-ISAC, go to to learn more and to start the process. [ Music ] Alright. I am now very honored to be joined on the podcast by Rich Agostino, senior vice-president and chief information security officer at Target. Rich, thank you so much for joining us.

Rich Agostino: Thank you, Luke. Excited to be here.

Luke Vander Linden: So you and I get to work together from time to time since you are indeed the chair of the RH-ISAC board, and have been since, I think, 2019. So I think -- and I think most of our members and listeners know who you are. But outside of knowing that you grew up in Connecticut, not too far from where I'm sitting now, and are a proud alum of University of Connecticut and the competitive spirit there obviously, has no doubt played a part in the recent success on the basketball court. I don't know much about your career path and how you made it to Target.

Rich Agostino: Yes. So let me just start with kind of my role, because I think I wear a few different hats. From a -- you know, from a Target perspective, I have the privilege of leading one of the best cybersecurity teams in the world. I also lead infrastructure as an SVP as part of the technology team at Target. But one of the things I love about my job, and the CISO job, is I also get to play a big role externally. So as you mentioned, chair of the board at RH-ISAC. I get to represent retailers as the PCI council board of advisor. I get to work with a lot of different groups that are supporting the development of talent in the cybersecurity space. So we're kind of, you know, getting ready for the future of, you know, talent pipeline and diverse talent. And you know, on the side, I have another difficult but often fun job which is being the dad of triplets, 7-year-old boys.

Luke Vander Linden: Yes. As a father of two boys myself, I understand. You have one more, so you're outnumbered.

Rich Agostino: [laughs] that's right. So yes, as far as my career path, I always like to say if you look at my career path on paper -- so you go to LinkedIn and look at the trail of how I got to CISO, it looks very well thought-out. Like this person really thought about how do you get to be a CISO? I spent 12 years at GE, started off in a development engineering role. Moved into security and compliance roles. Those eventually elevated into leadership, executive security roles. I came to Target in 2014, after the big public 2013 breach, as a VP. I was promoted to CISO in 2017. So it all looks very nice and neat on paper. But realistically, you know this, if you go back a couple of decades, cybersecurity wasn't even a major in school when I was there. And when people said, what do you aspire to be, you couldn't really aspire to be a CISO, because most companies didn't have CISOs the way the roles exist today. And so, I'm a product of growing up through the time when companies were really starting to realize the seriousness of the threats. So I always tell people, you know, if you're aspiring to be a CISO, don't look at the CISOs career path today, because this job just changes, and the threat landscape just changes all the time. We don't know what it will be like in 20 years. Find what you're passionate about in security, what you love to do, and just be great at that.

Luke Vander Linden: I love that, because you know, I often look at career paths and see, you know, if there is a logical path. And for this industry more than others I think, people fall into it, because as you said, it didn't exist as a major, much less a career, not that long ago. So it's great, and I think probably in this career, mentors, the people who you meet early on in your career kind of guide you and are more important than most. Are there any mentors or events that you recall as particularly meaningful in your career journey?

Rich Agostino: Yes. I think I've been lucky to have worked with a lot of great people. And if I start listing them, it will sound like the Academy Awards. Go down a long list of people, and then somebody will get mad that I forgot to say their name. So rather than name people, let me give some advice as I think about mentors. I think it's really important to have those formal mentors in your life, the people you can reach out to as you're making career decisions. But one of the things that I always encourage people is to look around you and realize that everyday you're around mentors who don't know that they're your mentors, right? Most of my leadership development through my career has come from observing the people that I see that I want to emulate, and seeing the people that I don't want to emulate. And I think if you can consciously observe the things that you admire about people and the things that you don't want to be as a leader, and actively coach yourself and develop yourself that way, I think then you're surrounded by mentors all the time. And there's nothing stronger than that.

Luke Vander Linden: And both good and bad. You can see bad behavior, and make a conscious decision not to follow that as well. So it's not necessarily having to be surrounded by the best. So turning to the RH-ISAC, you know, we turned 10 years old this year, and if you're a regular listener of the podcast, I kind of sound like a broken record, because I've been talking about that a lot. But 10 years ago, isn't a long time, but as we discussed, it's a huge -- it's a lifetime in cybersecurity. What was the landscape back in 2013, 2014, when you first came to Target and when we were founded? What were the big threats?

Rich Agostino: Yes, it did feel like a lifetime. I was doing the research for the keynote I just did at the summit. And it was a lot of fun looking back just 10, 12 years and thinking how different things were. I was at GE at the time, and we were very familiar with hacking. We were very familiar with nation-state attacks, corporate espionage. Companies like GE were dealing with that all the time. Most of the public wasn't aware a lot of that was going on. 2013 we had launched the APT31 report which brought a lot of visibility to nation-state actors and corporate espionage. That was the time when Anonymous was wreaking havoc with really big public campaigns against companies supporting social, political, and economic beliefs. So really those things started to become mainstream. But then I was doing the research and I was thinking what are the -- you know, what are the top threats in retail in 2012 and 2013? And very little came up. Retail really wasn't in the discussion at that point in time. But then something happened, Luke, and I think you and I know what that was, right?

Luke Vander Linden: Yes, we do. Kind of a big year for your employer, but also other retailers.

Rich Agostino: Yes, that's right. So end of 2013, the Target breach, and I was -- had the opportunity of looking inward from an external view at the time at Target. And the -- you know, the discussion at the time was really this is the biggest breach in history. You know, this is the first breach in history, and most of us that were in the industry knew neither of those was true, right? But it was significant. It was significant to the entire industry because it was the first time that consumers felt like they were attacked. The company should have done more to protect them. Retail companies looked and said, hey, hacking is not a nuisance. A breach could actually have impact for the long-term health of a company. And from a security perspective, when you look at the anatomy of the attack, this wasn't opportunistic, right? This looked very much like a nation-state kill chain of you know, the sophistication, complexity, really, you know, persistent stuff through the process. And so that really meant that retailers had to look at security in a very different lens, not just for the short-term, but for the long-term. And one of the big questions the public was asking at the time as more and more retailers were getting hit with POS malware was, why aren't they all talking to each other? Right? Financial services had been doing this for more than a decade with the FS-ISAC, a lot of other industries were doing that. And so out of that conversation and out of the threat landscape changing, the R-CISC was born.

Luke Vander Linden: That's great. You know, it's -- you mentioned other ISACs that existed. There are about three dozen, depending on how you count, and they all obviously are very, very important for sharing in their sectors. But I think it's amazing; is I wake up for work every day, the number of consumers that we're helping to protect. And as you point out, the sharing that is so important. So we started 10 years ago, 2014, with I think about 30 members. And it started growing. But we weren't necessarily growing and sharing. And that was -- that's the reason the organization exists. So how did -- from your point of view I guess as an early-on member when you did join Target, did that -- or did the organization work to establish trust among its members so that there could be sharing and collaboration?

Rich Agostino: Yes, yes. And looking back at the formation again for research for the keynote I just did, I was pulling up articles, and people were talking about the formation of the ISAC, and there was a lot of applauding for this is going to be great for the industry, but there were a few that were calling out, hey, it's going to take time for these companies to develop that trust with each other and really start sharing. I just don't think people really understood that time didn't mean months. Time meant years. And so if you look to the first couple of years of the ISAC, we couldn't even pull metrics to show how much sharing there was, because there was so little. But I think -- two big things I think drove the increase in sharing. One is just persistence of the companies like Target and a handful of others just really believed in the mission. And so there were points in time where Target was sharing the bulk of the information into the ISAC, not getting as much back. And you have to kind of question the value at that point, but we belied in the mission. We believed the only way to stop threat actors was to work together. And so we kept modeling the behavior. More and more other companies joined in and started sharing more over a couple of years. The second catalyst was your boss, Suzie Squier, coming in in 2017 who we all know is incredibly passionate and energetic, and did a lot to bring the community together and she took what I would call it a stick and carrot approach. The stick being if you're not sharing, I'm going to name and shame you, alright? Don't just come here to consume, you've got to share. And the carrot was, she brought us together in a fun way. Competitions to reward, you know, the top sharers. Peer choice awards at the annual summit. And so it became really a point of pride for companies to be part of the ISAC and to take pride in what they were sharing to the ISAC, as well as what they were getting out of it.

Luke Vander Linden: Yes, and that leadership from Suzie, I'll be honest, continues to this day. And I'll be talking to her a little later on the episode, but your leadership as well, and Target's leadership, you talked about how it led by example in, you know, being the dominant sharer, and still to this day. Not only within the RH-ISAC, but just in general, in addition to buying a lot of diapers at Target, I often sing its praises in how it responded to that breach 10 years ago. I get to visit your Fusion Center last year when you hosted us, and saw it. Everything -- not only how impressive the Fusion Center is, but the number of patents that you guys have that you just released to other cybersecurity and security professionals just to help protect their retail environments as well.

Rich Agostino: And you know, from the very beginning, two key parts of our strategy were around team and industry collaboration from a team perspective. That meant we were going to bring in experts so we in-housed the majority of cyber at Target. We've got some really great expertise, great engineers, and that's resulted in a lot of innovation. So we have over a couple dozen patents on security technology. But the second part was industry collaboration in terms of we believe security is a team sport. And while I don't hear a lot of people say that, you know this, Luke, Target, we really put our money where our mouth is on that, and we're constantly out there and sharing what we can. So while we're developing these innovations and we're patenting them at the same time, whenever there's an opportunity to share those more broadly, we're doing that. So we've contributed a lot to open source. I'd encourage the listeners to check out the Target tech blog. Luke, maybe you can put it in the show notes there. But there are some really good articles on Target's open source around things like our Cyber Fusion Center tooling. We've got two really interesting solutions for retail hospitality around skimming, one called Merry Maker, which focuses on digital skimming. One called Easy Sweep, which is focused on in-store physical skimming detection. But there's a lot of great stuff out there.

Luke Vander Linden: That's incredible. So going back to when we started, we first called the R-CISC because our focus was entirely on retail. But then as we have evolved over the last decade, we've broadened that focus to really all consumer-facing business. Restaurants, hotels, consumer goods. Can you talk about some of those developments that made us broaden that scope?

Rich Agostino: Yes. I mean, first you haven to start with, I think, the purpose of ISACs and the reason there is so many is because where you try to align ISACs to risks that are common among the memberships so that you can have the right discussions, and oftentimes that aligns to a specific industry, retail, or hospitality. But threat actors don't think that way, Luke, you know [laughs]? Right? They -- you know, you want to log in to a website to buy one of your kids the latest Cat and Jack items from Target. They don't look at that differently from you logging into a hotel website to book a room, or an airline website to see if you've got enough loyalty points for your next vacation. And so they don't have that bias, and so we can't have that bias. And so the way we think about the way the current RH-ISAC has become is we are really the organization that's focused on consumer protection around interaction with broad consumer bases and brands that the consumers interact with. And so because of that we have retail, we've integrated hospitality. We have several airlines. We have a lot of consumer goods companies, all coming together and sharing around those common similar risks.

Luke Vander Linden: Yes, I think probably any more than any other ISAC, we overlap with other industries. We mentioned many. Aviation has its own ISAC; healthcare has its own ISAC. We have pharmacies. So it's important for us I think to just be in that place where we're protecting consumers broadly, right?

Rich Agostino: Yes, and it's also important for people to realize you don't have to be a member of just one, right? The more sharing the better. So Target's a member of, obviously this one, but the FS-ISAC, all of our aviation, airline members are also a member of the aviation ISAC. That's great. That's great. All come together. Join as much as you can.

Luke Vander Linden: Yes absolutely. So when I first joined the RH-ISAC which is now about 3 1/2 years ago, the industry was in the depths of probably the greatest crisis in our lifetimes broadly, COVID-19, the pandemic. Crushed retail. Almost destroyed travel. So could you explain a little bit about what you experienced with the industry was going through then?

Rich Agostino: Yes. And I think it really was -- I mean, it was a stress test for life in general, but I think it was a stress test for the ISAC as well, because the industry, our industry in particular, was hit pretty hard. And when you think about the decisions that companies' CISOs needed to make at the time, it would have been really, really easy and understandable at that time for people to say I've got to focus inwardly on my company. I'm going to focus on if I'm critical, serving the consumers as they come in. I've furloughed teams I've got to focus on, my minimum amount of resources on what I need to protect the company. Very easy to say put the ISAC aside for now. But that didn't happen. The exact opposite happened. We saw membership go up; we saw engagement go up. We saw sharing go up and all of that really at a time when we really needed each other the most, right? The world was changing faster than ever, and everybody was there to support each other. So I think that in itself was a testament that said to me the ISAC has really made it. Because this is a critical part of the security program, and when push comes to shove, and you have to prioritize the things that are really important, the ISAC is one of them.

Luke Vander Linden: That's great. And you know, I think the last summit we had in Denver was testament to that. There was an energy that I -- you know, I felt -- obviously it's a very active community, but there was a special energy there I think that we're getting better and stronger now that we were, you know, emerged from COVID and are now growing even faster. So in your view, what does the environment look like now? What does the RH-ISAC look like now? Whipping out your crystal ball, as I'm sure you have one, what do you foresee in the next year, decade?

Rich Agostino: Well, I mean I think if you pay attention to any news, it doesn't matter, because AI is going to destroy us all, right Luke?

Luke Vander Linden: We'll have to earn new jobs.

Rich Agostino: Right. Either that or it's going to save us all. We're going to be sitting on a beach somewhere and AI Rich and AI Luke are going to be creating a podcast. But no, I do think, obviously AI is changing the landscape. It's something we've got to stay on top of. I think it's one of the fastest-moving, fastest-changing technologies we've ever seen. So absolutely that should be a focus. But what I always like to remind everybody is, you're looking to the future, but don't forget about what's in the present. And right now, there's a couple really big things in front of us, the biggest being ransomware. I mean today, every day, companies are hit with ransomware. We can't take our eye off of that. I don't see any trend or anybody who has any high good hypothesis as to what will make that slow down or stop. So I think our focus needs to stay on prevention, detection, and resilience around ransomware. The second one I would call out which is an interesting trend in our industry is organized retail crime, which historically we used to think about in terms of shoplifting or maybe smash-and-grab robberies. But what we've seen over the last several years is this convergence of physical stacked with digital footprint. And so when you think about things like drive-up and pick-up services, and digital wallets, and the emerging of e-commerce and in-store. All of those things have created this network that looks very similar to what cybercrime looked like 10 years ago. And so I think you'll see cyber teams and the ISACs start to play more of a role in sharing -- sharing risks and ideas on how to disrupt that as we look to the future. Who knows what's 10 years from now? I looked back at the last 10 years and I said, man we were good at predicting some things, but wow, we were really surprised by a lot. So we don't have a crystal ball, but I think that's why being a member of a group like this ISAC is so important, because you've got -- it's not just you with your ear to the ground, you've got 280 members that are all seeing different things everyday and we're talking about it.

Luke Vander Linden: Right, and that represents for us about 3400 professionals. But I guess the only certainty is that there will still be threats. They'll still be evolving, and we'll still have to respond to them to protect our customers.

Rich Agostino: Right. Which the takeaway punchline there Luke, is it's a great time to get into a cybersecurity career.

Luke Vander Linden: Absolutely. We need more hands, more than ever. Rich Agostino, thank you so much for your leadership of the ISAC and in the industry overall. Thank you for being on the podcast.

Rich Agostino: Alright. Thank you. [ Music ]

Luke Vander Linden: Alright, from one great leader to another. I am now joined by Suzie Squier, president of the RH-ISAC.

Suzie Squier: Hi, Luke.

Luke Vander Linden: Welcome back to the podcast, and you know, you've had a great series of interviews over the past dozen or so episodes with many of the CISOs who were there at the beginning. Our founders. And we've just heard Rich talk about how we've grown over the past decade. You're one of our founders, too. So I'd love to get your perspective on where we've been and how we got to where we are today.

Suzie Squier: Well, I'd say that where we -- how we got to where we are today is because of those men and women at the very beginning. And the passion and the dedication they had to getting this organization developed, the time they put in away from their day job, and their passion to getting it going, which as I'm sure, as Rich has said, is not easy. You know, the care and feeding of an organization and especially when you're asking people to come out of their comfort zones and share on bad stuff is not an easy thing to do. And I think we may have thought that was going to be easier than it was.

Luke Vander Linden: You know, he said that exact thing. And that stuck out to me that in our conversation when the R-CISC was founded, as we were known then, the companies were very optimistic about how -- you know, about what was going to be shared, but then it took time and patience, Rich said years, to build the trust up to facilitate that sharing.

Suzie Squier: Yes, and the thing that helped in the beginning was a lot of in-person meetings. And that's where I credit them taking the time and resources and their companies allowing them to do so, to meet one another, to get to know one another, and to feel comfortable with one another. But then, you know, you have teams, you know? I mean, they're leading. They're not the ones that can -- you know, they've got to instill that in their teams and their team has to be comfortable with it. And you know, that took some time to build that out. Having our meetings -- like we met in Chicago, where we could bring people together, that really helped a lot. And you know, as I think Rich pointed out, I did start calling people out, mostly for doing good. You know, I prefer more the carrot than the stick. So it's like, do you want to be in the sharing club? Then do you want to be listed here as someone who's a contributor? Then jump in. And a lot of our staff members at the time thought that I was not going down the good path [laughs]. Which is not surprising for me. And they could have been right. But it turned out to be fun, and people liked it.

Luke Vander Linden: At the end of the day, we now have an organization that is 90-something percent of our members sharing or collaborating in some way. And we know that even with that number, there's still lots of room for improvement on how they're sharing, what they're sharing. But carrot, stick; tell me more about that. I mean, both you and he talked about how you were kind of spotlighting folks, whether they were sharing or not, but what else works?

Suzie Squier: A lot of communication. A lot of calling individual companies and talking to them. But I would say that surprising on the -- you know, maybe the practitioner level, they are competitive, you know? A lot of people say, and I don't know if this is a generality, that you know, they're introvert or -- maybe they are. But I don't care. They like to be on top of the board. And so just working with them, we change our staff a lot. I mean, when I first took over, there was some, you know, changes that had to undergo. And I have to give Muktar a ton of credit. Like, he is still beloved to this day, even though he drives me crazy. But you know, people want to be on the weekly intel call and say hello to Muktar. And he was a key hire in helping build relationships. Because it is all about relationships. It's still about relationships.

Luke Vander Linden: Yes, not only relationships between members and staff, but with each other. And I think your point about in-person meetings, we just had our summit a couple weeks ago. And having that, whether it's in the session, whether it's at the bar, whether it's at a networking event, getting to know someone face-to-face makes you much more comfortable to share the kinds of things we're going to be sharing.

Suzie Squier: Yes. We really need to have it. And our workshops are also great, because those are smaller environments where people can get to know one another. And that's -- we also try to adopt that on our calls, you know? And we don't do this now, but in the beginning, the weekly intel call, we did go through kind of a round robin, and where are you from and who you are and we have too many to do that. But I still do it with our CISOs, when we have our monthly CISO call, because I love it. And I love to see them and welcome them. And I want them to get familiar with who everybody else is on it. And I also think that when you hear your voice in a meeting, it helps break that barrier to talk. That's my own personal thought.

Luke Vander Linden: No, I think you're right. And you know, that is one of the big changes since I've been here, about 3 1/2 years. That weekly intel call used to have 35, 40 people on it. Now it's pushing 90. There's no way to make everybody talk. You'd run out of time right away. What other -- it's great you brought up Muktar, by the way. He's one -- of the dozen or so staff people that have been on the podcast, he's not been on the podcast. I think he's a little shy. A little -- you know.

Suzie Squier: Yes, he's a curmudgeon. Let's just put it out there. He's a curmudgeon. Alex is also -- Alex Brown who runs our events and does an awesome job is also our longest-tenured employee.

Luke Vander Linden: She is indeed. And she has been on the podcast a couple times.

Suzie Squier: Yes, she's great.

Luke Vander Linden: Which is great. What other differences would you point out between 10 years ago or what was it, seven years ago that you became an employee?

Suzie Squier: Yes.

Luke Vander Linden: And now.

Suzie Squier: The culture is great. I have heard -- you know, there are sharing cultures where they do shame people if they say something stupid. And we've never done that. And I'm so proud of our members for never doing that. We welcome everybody: newbie, experienced, whatever. So that's been great. I think, you know, the sophistication of some of the companies has been great to see. You know, Target has always been a great supporter of ours, as we know. And -- but we have others that are jumping in and willing to help with that. So the difference between then and now, I think our working groups are awesome. And we get to know so many more people from different areas, like risk management, like identify and access management. And I love getting to you know, know and see them and hear from them. So there's a lot of growth in pulling in all aspects of the company. You know, fraud is a, obviously, a very big area that we've been growing in. So that's been different. And that's just an evolution of growth, you know, of who we are.

Luke Vander Linden: And I think an evolution of the industry. I mean, the definition of cybersecurity keeps expanding and creeping bigger and bigger. And some of those things don't necessarily report up to the CISO, but are kind of part of the ecosystem that we support.

Suzie Squier: I think the other thing that we do that people appreciate is the research aspect. You know, the benchmarking that we do on the CISO level. The RFI summaries are, you know, strong. But you know -- I mean, data is king. So if we can pull information and provide our members with that, you know, to have a report where you're curing from 150 retail or hospitality companies, you don't get that in other, you know, well-known reports. Like the percentage of retail and hospitality is like, you know --

Luke Vander Linden: It's usually tiny. Yes.

Suzie Squier: Yes. Very tiny. So it's great.

Luke Vander Linden: That's great. So you know, the nature of this industry, and it always will be, is of course, shrouded in secrecy. Obviously, there's the enemy we can't tip our hand to. And when is an incident -- obviously that who are involved are initially going to be heads-down responding to it, but in the aftermath, there's certainly traditionally been kind of a little reticence to share the details, even though, you know, we know what's probably for most of us, it's a when not if situation. But I think I've seen a change over the last couple of years that even sometimes during a response to an incident, those involved are coming into our community and sharing what they can, which is amazing. It's leading by example, and that's why we're here, right?

Suzie Squier: Yes. And you're right, that is a -- it's a slow shift. It's like turning, you know, the ship around. But it's happening. And I would say the first time it happened was maybe two years ago. I remember a member company calling us, and they did it anonymously, which is fine. But wanted to make sure that information got out to our member companies as soon as possible. And so we're starting to see folks -- even if it's not I can't tell you this, you know, here's some suggested security controls you may want to look at. And some can do it anonymously, which we totally understand. But they want to get that information out. Everybody wants it. That's when you want it. It's building it into playbooks to do it is what folks need to do.

Luke Vander Linden: Right. And that's again, part of that building that trusted environment, knowing if you're going to share that stuff, it's not going to get out. It's going to go where it needs to go only.

Suzie Squier: Yes. Yes. But it's -- I like that it's happening a little bit more --

Luke Vander Linden: Yes. I'd love to see it for our sector, and hopefully it's happening to other sectors as well. So I ask a lot of my guests -- you're my guest -- to predict the future. But for you, I'd like to flip it a little bit, ask it a little differently. Where would you like to see the RH-ISAC go? Whether it's our 20th anniversary or just five years from now, where do you think we should be headed?

Suzie Squier: Well, you know, we love growth and we want growth. I do -- I do foresee in the, you know, not-so-distant future, maybe like a summit in Europe, you know, where we're taking care of our members there in a more personal way. And that is an effort that we've started undergoing and learning, you know, to not be so US-centric. Because we do have a lot of great and growing members in UK, AMEA, Australia, New Zealand, and Canada of course. But they're included in the North America group. Well, I'll say this. We'll be bigger, and that's great. But my challenge is to make sure we don't lose our culture. I don't want -- I don't know if I want a 1,000-person summit. I'd rather break it up, because it's such a great feeling at that number. And we are -- as you know, we're building in steps to make sure that we keep that culture of just, you know, fun -- I mean, have fun. But you know, know one another, help one another, talk to one another. I've said that's probably what makes me -- I wouldn't say keeps me up at night, but that's what I focus on. That as we grow, we do not change that.

Luke Vander Linden: No, I love that. That's great.

Suzie Squier: Yes. That's what our members love. They love seeing one another when they come to -- and that's what helps with sharing and contributing. So I didn't really answer your question. I'm not really good at crystal balls. But I can tell you that.

Luke Vander Linden: That's okay. You answered it well enough. So as I said at the top of the show, this is our 50th episode. Just discovered that. I think we need a break, what do you think? With your permission, I think we'll take some time off from producing new episodes for the time being. In all seriousness, we want to make sure that this podcast, like everything we do, is hitting the mark, not only for our members, but for the sector. It's always a good time for self-reflection. We are going to take a little break in production. While we're on that break, I do want to encourage our listeners, as I always do, to reach out to us with your thoughts. We'll keep the email address going. Shoot us an email at or of course if you're a member hit me up on Slack or Member Exchange, or Suzie. And of course, if your company is not yet a member of the RH-ISAC, I'm not sure there's much more we could say to convince you to join. Now's the time. Go to to learn more. Start the process. The water's great. Thanks to you, Suzie Squier, for joining the podcast today, and for all the great interviews you've done over the past couple years. We also want to thank Rich Agostino, SVP and CISO at Target for coming on as well.

Suzie Squier: He's the best.

Luke Vander Linden: As always, thanks to our production team both at N2K Networks, and our team at the RH-ISAC who do their best to make us sound good. I also want to take a moment for a special shoutout to the amazing Annie Chambliss. Her real job is Director of Marketing and Communications of the RH-ISAC, but she's been there every episode, keeping the wheels on. She more than anyone else, deserves a break.

Suzie Squier: Annie takes anything you throw at her with a smile on her face, which is the best.

Luke Vander Linden: She does. She's great. And finally, thanks to you, our faithful listeners for tuning in, and until we meet again, stay safe out there.

Suzie Squier: Adios. [ Music ]