[00:00:00] LingRaj Patil: Welcome everyone to another episode of Let's Talk ASPM, Let's Talk Application Security Posture Management. And today I have the pleasure of hosting Vivek Venkatachalam. Vivek, he's a dear friend and he's an expert in product security. He brings a very, very unique perspective to this episode. He has years of experience in automotive industry and I'd like to bring that out, how product security is important and how application security is important for this industry.
[00:00:40] LingRaj Patil: Vivek, welcome to the episode. Thanks for having me here, Raj. It's a pleasure to talk with you again. All right. Awesome. Yeah. So Vivek, so one thing that has really stuck in my with you is just your profound experience in the automotive industry. Whether it is Robert Bosch, or SAE, or [00:01:00] Aiton, or Fiat Chrysler.
[00:01:03] LingRaj Patil: And, uh, latest now at CNH industrial, right? So you have many years of experience in this. So tell me what's between you and your love for, uh, automotive industry.
[00:01:15] Vivek Venkatachalam: Yeah. So like any kid growing up, uh, you know, I've loved cars, right? My first ambition in life was to be a race car driver. Right. So I've always wanted to be associated with cars, hopefully driving them, but if not, you know, manufacturing them or playing a role in manufacturing them.
[00:01:31] Vivek Venkatachalam: Right. And that's kind of been my North star at all points in my life. So, you know, growing up, I, I pursued a bachelor's in engineering, working with control systems. Uh, and then I spent a couple of years working in the software industry in India, uh, before I decided to do a master's in control systems, specializing in automotive control systems at Ohio state university, uh, once I graduated from there, I began my career at Fiat Chrysler, uh, and I worked in multiple roles at [00:02:00] Fiat Chrysler.
[00:02:00] Vivek Venkatachalam: Uh, but particularly, I was working on onboard diagnostics for the most part, right? So when I was here, I also spent a brief stint in Brazil to understand the automotive landscape in Brazil and what kind of makes their engine tick, so to speak, right? Uh, it was during my time at Fiat Chrysler that I kind of stumbled into cybersecurity by me, right?
[00:02:21] Vivek Venkatachalam: So I was working in onboard diagnostics and, uh, you know, the Jeep hack happened in 2015, right? Where there were two researchers. Uh, basically hacked a Jeep Cherokee and drove it into a ditch and, you know, just out of curiosity, I was looking around to see if there was anything being done for cyber security within Chrysler and that led me down a rabbit hole that I'm so glad to go down on and that's led me to this journey where there's been literally, there's been no looking back, right?
[00:02:49] Vivek Venkatachalam: Uh, starting off with Chrysler, I was then seeking out a community of security engineers, people that were working to solve similar problems in the automotive industry. Right [00:03:00] and so with this in mind, I reached out to the folks at to see if there was like a community effort that was going on and I was able to join at a time when standards were being defined for the industry, especially for verification and validation of cybersecurity on vehicles.
[00:03:16] Vivek Venkatachalam: Right. And here, you know, I was, I was lucky enough to be welcomed into this community, uh, which is, you know, filled with dedicated professionals. Uh, each one of them are giants in their own areas. Right. So I was not only lucky enough to be let into this community, but they also let me stand on their shoulders as we continue to propagate the security culture across the industry.
[00:03:37] Vivek Venkatachalam: Right. So I primarily come from a background of embedded security, right? How do we build security into like your, your infotainment systems or your autonomous driving systems and all of that. And then I was, I was, you know, I came across this role at CNH would say, Hey, you know, we're looking for someone to lead our product security program for connected vehicles [00:04:00] in the construction equipment industry, and that really piqued my curiosity because I hadn't given much thought to agriculture and construction.
[00:04:06] Vivek Venkatachalam: Like most folks, I thought it's a tractor, how much technology can be there. But this has been so much of a learning curve for me. And this role has opened up an entirely new dimension, not just in terms of technology, but also in terms of security. And it's really given me the opportunity to dive headfirst into application security that I'm really grateful for.
[00:04:26] LingRaj Patil: Awesome. Awesome. I'm like, I mean, your experience kind of reminded of my own childhood. Like many other kids at the time, you are now with the fan. We all have this fancy for this cars and we want to race around with them, right? And it's great that you actually built that, uh, built on that passion and, uh, you're able to actually tinker with those things to make them more secure.
[00:04:49] LingRaj Patil: Uh, so awesome.
[00:04:51] Vivek Venkatachalam: Yeah. Yeah. Yeah. No, it's been a great journey and I wouldn't trade it for anything else.
[00:04:55] LingRaj Patil: Yeah. Yeah. So, uh, you may tell me one thing you told me a little bit about the [00:05:00] Jeep experience, right? And, uh, so tell me, how is application security or product security, uh, different for an automotive industry versus let's say a financial industry or some other industry?
[00:05:11] Vivek Venkatachalam: Yeah, yeah, yeah, absolutely. So applications, when we think about it, you know, typically on a regular basis, you know, in your day to day life, when you talk about, you know, your banking, you do everything through your banking apps, right? In the automotive industry, in the construction equipment and agriculture industry, the way people use applications has more wide reaching efforts.
[00:05:35] Vivek Venkatachalam: Right. And the effects that your applications carry are more wide reaching for automotive. For example, as we're, we're basically conditioning the driver to think less and less about driving, but we're thinking the driver or we're getting the driver to think more about the experience that they're having in the vehicle.
[00:05:54] Vivek Venkatachalam: Right. Let them experience the journey as they pay less attention to what's going on around them. [00:06:00] Right. Realistically, if you see, right. Anytime you get on the road, and I don't mean to scare everyone over here, but anytime you get on the road, you're getting into a life and death situation.
[00:06:09] LingRaj Patil: Yeah, yeah,
[00:06:11] Vivek Venkatachalam: it's through these applications that you're able to make this journey comfortable.
[00:06:14] Vivek Venkatachalam: You're able to make it safe. You're able to make it secure in a way that the drivers are thinking less about the journey with automated driving with display units with infotainment systems, you know, where the traffic is, where it isn't, you're learning to rely and trust on what the application tells you, right?
[00:06:30] Vivek Venkatachalam: Because all of these have applications running at the bottom of it. If you look at it in a way, it's really a mindset change, right? Growing up, we were asked, you know, kind of not to trust strangers. Not to take food from strangers. Right? Then when the internet culture began in the 2000s, we were asked not to meet anyone off of the internet unless it was in public, right?
[00:06:50] Vivek Venkatachalam: Today, what do we do? We order food on an app. Yeah, we, we get it. So we get food delivered by a stranger and we invite the [00:07:00] stranger home to deliver it. And we have no problem dealing with it. We don't even think twice, right? So it's a mindset change, right? All of this is based on the trust. That have have kind of communicated, right?
[00:07:10] Vivek Venkatachalam: So, so similar to that, you know, there's also Uber, for example, right? You hail a cab today, right? Again, you trust the stranger to come home, pick you up and drop you off safely. All of this is dependent on the inherent trust that we place in these applications and the driving force behind this trust is the security that's built around these applications, right?
[00:07:32] Vivek Venkatachalam: We trust that these applications will not use our information for anything bad. We trust that these applications will not leak our information out to bad actors, the folks that could compromise our security, our social security numbers, our credit card numbers. So we rely on application security for everything without even knowing about it, right?
[00:07:52] Vivek Venkatachalam: And application security is what is, has got us to the stage where we're able to live comfortably Off of our phone, I [00:08:00] hate to say it. We live, we were able to live off our phone in most cases. Now, when it comes to the ag industry, right? Our farmers and our dealers extensively rely on us being able to do our jobs, right?
[00:08:14] Vivek Venkatachalam: So that they can maximize the yield of their crops, right? If you think about it, realistically, a farmer gets one shot per year at maximizing their profits from you, right? And they have a thousand decisions to make. Right, right. What should I grow? Where should I go? These cops, what kind of fertilizer should I use?
[00:08:33] Vivek Venkatachalam: What kind of pesticide should I use? You know, what, what should I do? They have 1000 decisions to make very limited time to make it in. So, these are applications to give them the right data to help them make those decisions. Right. It's our responsibility to make sure that the farmer is able to trust the data that we're putting in, that we're giving him to make those decisions that he makes.
[00:08:55] Vivek Venkatachalam: And AppSec is the only way to do that.
[00:08:58] LingRaj Patil: Right. Awesome. Yeah. Great [00:09:00] way to put AppSec in perspective here, Vivek. Uh, so you are right that people are putting trust in these applications, but as we all know, Many a times applications do not live up to it. Many, many a times they do not live up to it, mainly because there is always this, uh, uh, kind of, uh, challenge that goes on between speed and security, right?
[00:09:22] LingRaj Patil: There are so many changes that are happening. There is either it's cloud, agile, uh, radio, uh, shipping software faster and faster. And at the same time, we need to make them secure. So this is where the art of application security comes in. Microsoft Mechanics Uh, to make sure that you let the people who drive speed in innovation drive it, but at the same time put security around it, right?
[00:09:46] LingRaj Patil: So can you tell me about maybe three challenges that you see in, in setting up a robust AppSec program?
[00:09:54] Vivek Venkatachalam: Yeah. Yeah. Yeah. So, uh, before I get to that, right. Just touching upon the point that you made, you're [00:10:00] absolutely right. And this difference is very glaring in my industry, right? Be it in the automotive industry or in ag and construction, we have applications that were developed.
[00:10:08] Vivek Venkatachalam: Generations back right that are continuing to be maintained and it's just business as usual, right? There's no reason for them to build security into it. And at the same time, on the other end of the spectrum, we have applications that are next gen that are utilizing machine learning, that are utilizing AI to make decisions at the drop of a hat for you, right?
[00:10:25] Vivek Venkatachalam: So to be able to cater across this entire spectrum, that's where an application like ArmorCode really helps with the application security posture management, right? It really helps put everything within the same perspective and helps you make your decision based not just on business criticality, but also on the tech stack that you're using, right?
[00:10:44] Vivek Venkatachalam: So That leads us on to the challenges that we face, right? And again, I'm probably going to have a different take on this than others, because if you were to ask me, the three biggest challenges are awareness, awareness, and awareness. Yeah, [00:11:00] but, but on a more serious note, you know, awareness, security awareness is definitely up there, right?
[00:11:05] Vivek Venkatachalam: It's one of the leading challenges that we face, especially with developers, like you mentioned, right? Developers care about putting out like the latest and greatest, the brightest and the shiniest product that they can out there in the market as quick as they can, right? They don't want anything slowing them down and security efforts are usually slowing them down.
[00:11:25] Vivek Venkatachalam: What we need to convey as part of the awareness from the security community is that working with security just helps them. It actually helps them put their product out in a quicker way, right? Because you're basically eliminating bugs. You're basically removing that entire game. Security is not something that you can slap onto your product after it's been released.
[00:11:46] Vivek Venkatachalam: It is a huge effort to do that. If they do that right from the get go, we're actually helping improving their speed, you know, to draw an analogy to kind of driving. Actually, the smoother you go, the faster you're going, you might look like you're going slower, [00:12:00] but you're actually going faster, the smoother you go.
[00:12:02] Vivek Venkatachalam: And it's the same thing with security. So that's one of the biggest challenges I think is awareness and really enlightening and empowering. Yeah, the developers to do security on their own, right?
[00:12:14] LingRaj Patil: Awesome. Awesome. Yeah. So you're talking about now, uh, about how to be a partner for the developers in their, in their, uh, quest for innovation and in their quest for speed, right?
[00:12:26] LingRaj Patil: Uh, yeah. Yeah. Yeah. Yeah. So that's awesome. So now, Vivek, we talked about the challenges, uh, very relevant to, uh, and very prevalent also to what we see around us in terms of application security challenges. What would you say are the best practices, maybe three best practices in application security to set up a robust AppSec program, right?
[00:12:51] LingRaj Patil: What you have found has helped you. Uh, in this journey, there are a lot of security leaders out there, security practitioners out there dealing with this [00:13:00] particular challenge. So what advice would you give them?
[00:13:02] Vivek Venkatachalam: Yeah, yeah. So one of the things that's helped me, and again, I've taken a different approach to this simply because maybe the audience that I'm catering to, my developers span, like the tech span across my developer community ranges from.
[00:13:14] Vivek Venkatachalam: Folks that write in COBOL to folks that write in like next generation infrastructure as code, zero code, no code kind of applications, right? So the way that I've taken this has been primarily focused on people, right? So it's been focused on the developer community and catering the the security experience for the developer community.
[00:13:33] Vivek Venkatachalam: So I'd say the first thing again is improving awareness, right? Again, it goes back to addressing the first challenge. And when we're talking about awareness, we typically talk, oh yeah, let's put everyone through like a secure code warrior. Let's put them through like a training module. Let's put them through a training program.
[00:13:47] Vivek Venkatachalam: But I want to take a different approach, right? This shouldn't be one of the trainings that you're mandated to take by your senior management once a year. You just split through it while you're actually getting work done, right? Again, I want to put it in the, in, in, in the [00:14:00] form of. You know, this has to be customized training for developers that lets them see the advantage that security brings to their own community, right?
[00:14:09] Vivek Venkatachalam: And I do that by hosting hackathons, for example, right? Let's get the developers in. Let's try and get them hack each other's products, right? So they can find what the vulnerabilities are. You know, CTF events are a great way to improve practical knowledge about security among developers, right? And that brings me to the second point, which is I've really empowered the developer community to take ownership of security, right?
[00:14:32] Vivek Venkatachalam: Once you show them the power of security, now they have skin in the game, right? So that's the second practice that I followed is, you know, really to say, Hey, this is not me sitting behind the gated community and saying, Hey, no, you have to do this. You have to do that, but it's really it's in your hands, right?
[00:14:48] Vivek Venkatachalam: I'm here just to guide or to help. And really learn from the developers. So it's been focused on empowering the developer, empowering them to start thinking along the lines of [00:15:00] security, right? As I'm building this project or as I'm building this product, what is the possibility that this will be compromised?
[00:15:08] Vivek Venkatachalam: Is there a honeypot that I'm including? Is there going to be an impact to the organization as it starts to get compromised, how can I make this stronger? How can I make this safer? They're thinking about it automatically. And the third thing. This might seem very basic, but I see us missing it all the time is keeping it simple, right?
[00:15:26] Vivek Venkatachalam: We often get caught up in our own jargon within the security community, right? Yeah. So yeah, very important thing conveying to the developer community what they need to do for security, right? The last thing they need is another security person coming them Giving them acronyms that they have no idea about and then kind of scaring them Right.
[00:15:44] Vivek Venkatachalam: The key thing is to keep it simple and strike a balance in that journey saying, hey, you know, this is the danger, the potential danger, but in order to avoid it, this is what you can do.
[00:15:54] LingRaj Patil: Got it. Okay. All that. Awesome. Yeah. So I totally agree. I think people are at the heart of any [00:16:00] change that needs to happen.
[00:16:01] LingRaj Patil: Right. So now if you were to see how you bring it together with the technology, how do you magnify it? Can you tell me a little bit because one of the challenges that we see in application security is just a huge number of vulnerabilities that you have to deal with, right? They have the scanners that are running across your pipeline and they're generating so much alerts, findings, vulnerabilities, either it's on the AppSec side or the vulnerability side.
[00:16:30] LingRaj Patil: How do you make sense? How do you know? And you can't throw that to the developer because they're not going to then fix anything, right? You really need to show them. Okay. There are this out of this thousand problems that are coming through There are these five problems that I want you to focus on right?
[00:16:46] LingRaj Patil: So, how do you do that?
[00:16:47] Vivek Venkatachalam: Yeah, and this is where arbor code has really helped accelerator has helped accelerate our program, right? So the problem that you touched upon is very pertinent, especially when we were Kind of starting [00:17:00] up application security within the organization. I mean, it was like drinking from a fire hose, right?
[00:17:05] Vivek Venkatachalam: And really the issue very quickly became about scalability. We started seeing tens of thousands of vulnerability coming through multiple different scanners. And we're jumping from one, you know, dashboard to another, trying to make sense of the data that we're seeing. Right. And that's where our record helped put all of this information in one single pane of glass and say, Hey, you don't have to go and deal with different dashboards.
[00:17:28] Vivek Venkatachalam: Here's all of the data for you neatly packaged within one dashboard that you can customize to, you know, suit whatever works for you. Right. And that's what I really appreciate. And that's also where I think AI is going to be like adding a turbocharger to ArmorCode. Right. So basically cutting through swaths of noise, identifying the actual signal amongst all of this noise, that's where ArmorCode has really been.
[00:17:55] Vivek Venkatachalam: Kind of a beacon of hope for us, right? We're so glad that we [00:18:00] were able to partner with Amacode and I think adding the AI capability to the ASPM is really going to turbocharge and it's going to help us burn down so many vulnerabilities. It's going to help make those decisions for us, right? That's again, what it comes down to when you're talking about scale, there's just so much data that you're seeing that you have to be able to determine what is signal, what is noise, And then make a decision on that, right?
[00:18:22] Vivek Venkatachalam: You need to triage it, you need to remediate it, and then you need to resolve it. And all of this needs to happen in record time.
[00:18:29] LingRaj Patil: Yes,
[00:18:30] Vivek Venkatachalam: yes, yeah. That's where I think, you know, a tool like ArmorCode and ASPM in general is really key to not just get organizations from zero to one. But also to help them go from one to a hundred.
[00:18:42] LingRaj Patil: Yeah. Yeah. And you can see, you can see, having seen your journey, I see how quickly you were able to change that in terms of, it's been a game changer for you in terms of just cutting through the noise and then fixing these problems. Right. So how would you say, how would you [00:19:00] say if you were to look at things before and after, how has it helped one, one to the security debt and also your relationships with the developers because they are a big stakeholder.
[00:19:09] LingRaj Patil: So how would you say it has changed?
[00:19:11] Vivek Venkatachalam: Oh, yeah. Yeah. So initially, you know, we were just using a CVSS code, right? Most of the tools that we see in the market today. When they want to convey the severity of a vulnerability, they go back to the old and trusted CVSS score. Now, the CVSS score, again, is without context of your application, right?
[00:19:28] Vivek Venkatachalam: So, as security folks, we think of ourselves more like insurance salesmen, right? We want to say, hey, here's what could happen, and this is what you want to do to avoid that from happening, but at the same time, you want to scale it back. You don't want to scare the developer away, right? So, with ArmorCode, what we've really done is we've been able to pivot from using the CVSS score.
[00:19:48] Vivek Venkatachalam: As a way of conveying risk to we're using their weighted risk score that is available on the platform, right? Because this really takes into consideration the context of the vulnerability within the application. [00:20:00] Weighted along with the business criticality, right? There's so many things. There's factors like attack probability.
[00:20:05] Vivek Venkatachalam: You know, whether it's external facing or not, whether the application processes like PII or critical information or not. We're able to add all those factors to give a realistic picture of what a vulnerability means within an application. Right. And this has really drawn the developers in. Right. And the way we've set it up, we've set it up by hierarchies.
[00:20:24] Vivek Venkatachalam: We've created individual teams within these hierarchies. So we actually ended up gamifying the system. So teams are actually racing against each other to get to the armor code platform and burn down the vulnerabilities. They love it when they see that graph go down like that. You can take that back to their management, right?
[00:20:42] Vivek Venkatachalam: So teams are actually, we currently, we have more than 300 active developers on our ArmorCode platform. And it's been less than a year that we've onboarded the platform. Wow. And these are folks visit every day. They look at their people, look at what they've submitted. You know, they want everything to correlate and [00:21:00] they say, look, this single pane of glass.
[00:21:02] Vivek Venkatachalam: And as a developer, you don't care if a vulnerability is found in a SAST scan, a DAST scan, an SCA scan. A vulnerability is a vulnerability, right? It's a bug. You're just looking at fixing those bugs. So they see all of that in that one platform and they get to see that graph going down. They love it. They keep coming back more and more.
[00:21:19] Vivek Venkatachalam: In fact, to the point where they've even said, they don't want us creating tickets in their backlog. They're like, we're having a lot of fun just getting into this platform and looking at that graph code on every day. That they don't get that satisfaction by looking at, you know, okay, here's the number of tickets that we closed in our backlog.
[00:21:35] LingRaj Patil: Awesome, man. So it's such an amazing story here. You gamified the whole thing and made it fun, right? Put fun back into security here, right? We want developers racing with each other. To basically solve this problem. So thank you for the detail in terms of making sure that the problem that they are solving is, uh, they find that meaningful because at the end of the day, what we for [00:22:00] anybody, it's not just in development.
[00:22:01] LingRaj Patil: All of us want to do work that we know is meaningful and that you want to know that it's making an impact business impact. Right? And in order to do that, For them to show very clearly, this is the problem we need to solve because this is the business impact it has. This is the problem, don't even worry about it because it doesn't have much of an impact.
[00:22:19] LingRaj Patil: Right? So that's fantastic. So Vivek, now if I can ask you about this AI, right? AI has changed the game at multiple levels, right? And it is changing it for application security also. So what would you, how would you, how do you see AI in your work? How has it changed and how do you think it's going to change?
[00:22:40] Vivek Venkatachalam: For us, AI, I see it as the vehicle that's going to really accelerate our journey going from a one to a hundred. Right. So we're in a state of constant discovery, right, where applications are being stood up and sundown all the time. And as security practitioners, right, we [00:23:00] tend more often than not to wear tinfoil hats, right?
[00:23:02] Vivek Venkatachalam: We're kind of conditioned to be wary of everything, right? So we often tend to get caught up in one single vulnerability that comes up. There's so many new vulnerabilities that's being reported to the NBD every day. There's new CBEs being declared every day from all over the globe. So where does that stop?
[00:23:18] Vivek Venkatachalam: That's where I see AI kind of burning down a bulk of that noise for us, right? Similar to what ArmorCode did, but just turbocharging it, right? If we're seeing 10, 000 vulnerabilities, AI is going to help us, you know, Decide which are the ones that I should pay attention to, right? It's going to help us make that decision quicker, especially as we're seeing volumes of data come in.
[00:23:40] Vivek Venkatachalam: Right. Just last week, I had a team that create that performed a commit that created 10, 000 new vulnerabilities, right? We were able to burn that down to 625 vulnerabilities of which we have only 624.
[00:23:55] LingRaj Patil: Amazing. So there's just
[00:23:57] Vivek Venkatachalam: one vulnerability that's left as the applicant, and [00:24:00] this is going into production next week.
[00:24:04] Vivek Venkatachalam: Look at the amount of pressure.
[00:24:05] LingRaj Patil: 10, 000 to be fixed before a week, right? No way. Awesome.
[00:24:10] Vivek Venkatachalam: Yeah. And this is where I see AI really coming in and saying, Hey, you know, this is what we've been learning based on the kinds of vulnerabilities we've been fixing based on the propensity of these teams that are submitting code.
[00:24:22] Vivek Venkatachalam: Here's where I see that coming. So it makes that it sets us up for success. Yeah. Right. When we go to look at vulnerability, we don't have to say, Oh, here's 10, 000 vulnerabilities that I need to fix in a week. We're instead using the power of armor code, using the power of AI to say, okay, let's bring this down to the top 50.
[00:24:41] Vivek Venkatachalam: Let's attack the top 50, right? So AI will help you burn that down to the top 50 and then narrow it down to the top 5 and then deploy your, your appropriate resources. Right, right. Awesome. Awesome. Accelerating our journey in application security.
[00:24:56] LingRaj Patil: Yeah. Yeah. I mean, yeah. So that's the feature that Arma could release, [00:25:00] right?
[00:25:00] LingRaj Patil: AI correlation in RSA. And now, now we are talking about AI remediation. It actually gives guidance on how to fix it. So it goes a step further and tells that this is how we could possibly fix that.
[00:25:11] Vivek Venkatachalam: Yeah. I can't wait to start using that in production.
[00:25:15] LingRaj Patil: Yeah. Awesome. Awesome. Thank you. So I love the way you brought this together and, uh, in a way you, you some ways put the perspective on.
[00:25:26] LingRaj Patil: AI and the driving some many times we just get into a car and then then we just keep driving right and then you talk about the applications here I just love the way you talked about how applications are putting trust in many of the things that we were told not to trust earlier of course they have also created vulnerabilities but you also talked about how to use a good application security practice to address those vulnerabilities that come with it right so maximize the good Whatever risks you have, uh, uh, minimize those.
[00:25:59] LingRaj Patil: So, Vivek, it's [00:26:00] been a pleasure chatting with you. Uh, do you have any parting thoughts that you'd like to share?
[00:26:04] Vivek Venkatachalam: Yeah, no. Uh, so one of the things that, you know, and maybe I'm preaching to the choir here is that, you know, when it comes to cyber security, we're all on the same side of the battle, right?
[00:26:14] Vivek Venkatachalam: Whether you're talking, whether you're talking application security or you're talking product security or embedded security or enterprise security, we're all on the same side of the battle, irrespective of organizational boundaries. Right. So it's imperative that we lean on each other as a community. And that's what I wanted to kind of call out, you know, the initiative that you've started with the purple book community.
[00:26:35] LingRaj Patil: Yeah.
[00:26:36] Vivek Venkatachalam: That is incredible, right? That the advice that you receive, you know, the converSASTions that you have, the level of discourse within the community, it's just that you have so many bulbs going off saying, Hey, I am facing a similar problem in a different context. So here's how I can use it the same way you're seeing it.
[00:26:52] Vivek Venkatachalam: You know, it could be vice versa when you're sharing your experience, it could have bulbs go up for other people. So that's where I would say, you know, it's [00:27:00] important that the community kind of leans on each other, that there's really no Uh, you know, this isn't a zero sum game, right? It's not that, you know, someone wins only if someone else loses.
[00:27:11] Vivek Venkatachalam: We all win together, we all lose together. We're all tackling the same problem and we're all on the same side of this battle in security. And again, I want to, you know, thank you again for, you know, having me on this, on this, on this, uh, podcast here. You know, it's, uh, again, an extension to the community that we're building and and that we continue to lean on with an application.
[00:27:33] LingRaj Patil: Yeah, thank you. Vivek. It's a pleasure having you in the Purple Book community as well. Such a great way to end it. Because in the end, we are all in this together. And when we talk about community, the community doesn't have to be restricted to the people that you work with, even though that's an amazing community.
[00:27:49] LingRaj Patil: There are a lot of best practices, a lot of creative people in the community that you can learn from. So that's where the Purple Book community comes, where leaders like you come together, share. Best practices, [00:28:00] challenges, what's the latest, uh, what's the greatest, right? Highlights, lowlights, things like that.
[00:28:04] LingRaj Patil: So thank you so much. It's been a pleasure Vivek. Uh, I would love to have you back, uh, in some other, in maybe in a few more months time to catch up with you on what's the latest.
[00:28:14] Vivek Venkatachalam: Absolutely. Thank you. Thank you for having me Raj. It's been such a pleasure talking with you again. All right. Sounds good.