In this special 100th episode of Needlestack, hosts Robert Vamosi and AJ Nash celebrate the milestone with former NeedleStack host, Matt Ashburn, discussing the evolution and importance of OSINT (open-source intelligence). They delve into best practices, the risks of normalized habits, and the significance of isolation in investigations. The conversation highlights the behavioral attributes that can identify investigators, the challenges of new generations in the field, and the need for accountability and reputation in intelligence work. They also explore the role of technology, the importance of first-hand access, and the balance between timeliness and accuracy in intelligence reporting.
Robert Vamosi (00:03.635)
Welcome to Needlestack. I'm one of your hosts, Robert Fumosi, CISSP, and this is a special episode. It's episode 100.
Robert Vamosi (00:16.083)
Not many podcasts.
A.J. Nash (00:19.88)
The audience is loving that.
Matt Ashburn (00:23.116)
Ha ha ha ha.
A.J. Nash (00:25.523)
Where can them go? They can't get enough of you, All right, folks.
Matt Ashburn (00:27.586)
Well, they're still going. This is amazing.
Robert Vamosi (00:30.759)
It is amazing. Not many podcasts make it to this point and we wanted to celebrate it and we have kind of a special guest. No, we have a special guest. It's not kind of, so I'm going to throw it to my cohost, AJ.
A.J. Nash (00:38.258)
Hmm.
A.J. Nash (00:43.325)
Yeah, I'm AJ Nash for everybody who doesn't know me. I'd be surprised. digital intelligence advocate over here at Authenticate, old school Intel guy. I've been the private sector for quite a while now, but I'm not really important to this show today. The only guy that really matters today is Matt Ashburn. Really excited to have you on this show. Matt, you want to tell people why you're here and what we're going to talk about today.
Matt Ashburn (01:03.662)
Yeah, thanks so much. I'm glad to be back, especially on the 100th episode of Needle Stack. I was one of the first co-hosts, or one of the original co-hosts, guess, of Needle Stack, and it's evolved and grown. So great to see it. Yeah, so I'm still here at Authenticate. I'm the Chief Customer Officer, Chief Customer Advocate, basically, for our customers that are in the space. And part of what we do is engage with folks that are our customers, as well as others in the community dealing with OSINT.
A.J. Nash (01:29.907)
Very cool, man. I'm very excited to have you here. I appreciate it. I remember when the show got started long before I was with Authenticate, I've known for a long time and to be in a position now where I'm actually behind the mic here is very, cool. And I appreciate what you and Jeff and everybody else, you I've done, you know, to build this to where it is, you know, Rob and I were lucky enough to kind of take over something that was in really good shape, which we really appreciate. And thanks for being here. Now, I know, aside from that, I know the thing we really want to talk about is
You OSINT, right? You said you're the chief customer officer, the customer advocate. You know the community well. You know what people need to be doing, right? And that's the bulk of how Authenticate was built. What the business is about is keeping people safe and protecting them when they're out there doing open source research and intelligence. So, can you talk a bit about some of that? We're going to dig into that. I know you had some topics coming up and some public speaking on this too.
Matt Ashburn (02:20.172)
Yeah, sure thing. We have a lot of things coming up, a lot of events, including Osmosis Con in London on March 4th. Very excited to be invited to speak there. And that talk really centers around some key principles that are best practices within the OSINT space, right? In OSINT, you usually don't get burned by just one big dramatic mistake, right? If your investigation gets burned, it's typically because of small, normal, or normalized, I should say, habits that quietly link you to an investigation that you're performing.
For example, maybe doing a quick lookup, maybe letting your guard down a bit, things like that. And that's really what we're talking about at OsmosisCon coming up in March 4th. And really to give folks a sort of five big mistakes to avoid while performing OSINT to give people a practical, repeatable workflow so they can triage, perform investigations as they need to. So that way they reduce their exposure and improve confidence in their findings as well.
A.J. Nash (03:21.413)
You
Matt Ashburn (03:21.416)
I to God, idiots.
All right, let me try again. Yeah.
Robert Vamosi (03:27.007)
This is where editing comes in.
A.J. Nash (03:27.027)
It's all good, man. Yeah, I guess we're gonna edit that one. Don't worry about it, man. happens.
Matt Ashburn (03:34.062)
Hey guys, can you just keep it down? We're recording, if you don't mind. Thanks.
Matt Ashburn (03:41.966)
You think that experts at like an investigations company would be able to see when they walk in the door somebody with a light shining in their face and a camera on and three people on the screen and talking to a microphone that might be doing something that needs some quiet but... I swear to God. Okay. You know what we found is that in OSINT you don't get burned by just one dramatic mistake. You get burned by some small normal habits that become normalized over time.
A.J. Nash (03:54.835)
Go ahead man, whenever you're ready
Matt Ashburn (04:09.46)
and they can quietly link you to an investigation. And obviously as OSINT folks, we don't want that to occur. We want to obfuscate who we are and separate who we are and our organization from the investigation that we're performing.
Robert Vamosi (04:22.141)
So it seems like you want to have a good workspace as well as discipline. So you're not like leaving that workspace to do something ad hoc. And that could be one of the breadcrumbs that ultimately points back to you, something like that.
Matt Ashburn (04:38.662)
I would say so, right? And I would say that in my experience that many investigations get burned by just a tiny habit, right? Just a quick lookup on your typical machine, right? So let's say you're busy, you're in your workday, you may get a Slack message or an email or might just stumble across something like, man, this looks really interesting. Let me dig into that. Clicking a link or opening that up in your local native machine, native browser can really be detrimental to your investigation. But the...
difficult thing here as advocates, it's difficult to get this point across many times because it's not something that is necessarily perceptible at that moment. There's no alarm that goes off, no alert that takes place, but over time that can erode your investigation and also erode the defensibility of your investigation as well.
A.J. Nash (05:24.691)
Yeah, I mean, it's a good boy as a guy who's I've been doing Intel forever. It feels like this point. And, uh, you know, in the government space, it was somewhat easy in the sense that, classified systems were classified. Like you weren't likely to, you couldn't do a lot, but you were going to end up exposing yourself to the world on classified side. And if you want to do something unclassified, it was a whole different system. You had to walk over to a whole different machine. I mean, I'm, really old. Eventually we had KVM switches a little easier, but used to be, had one unclassed machine in the entire room of classified work. So, you know, if you had to go check a personal email,
There was no way you were going to you were going to complicate things. Plus, by the way, everybody knew you were checking your personal email, so you didn't do a lot of it. It kept you busy working, but it was segmented. Right. And so now that's not really a case on the private sector, especially you're working on the same system. So you're you're doing this work, this intense stuff. But then it's like, oh, you know, I got to check this email because I'm waiting on something or I've got a package being delivered. It's so easy to to do just your normal life. And everybody moves so fast. We do all these things. Right. We're always multitasking phones and computers and tablets and all this stuff.
that like you said, it's that normalized behavior. And if you remember, wait a minute, no, I'm not me right now. I'm somebody else and that somebody else doesn't have access to my email, doesn't have to pay my mortgage payment today and doesn't need to return the call to my wife or whatever. And so it's, it's hard, think sometimes for people to remember to compartmentalize what they're doing. Do you feel the same way? Do you see that?
Matt Ashburn (06:30.126)
That's right.
Matt Ashburn (06:45.486)
100 % and also it's there's element there of convenience and an urgency right much like I think we train people all the time to avoid phishing emails if there's a sense of urgency that's making you click that link to think twice about it I think same thing goes for OSINT if you're seasoning man I really gotta look at this right away just calm down take a deep breath and just wait a bit and say you know what is am I looking at this the right way you know based on the risk that could come to my investigation should I open this in
a virtual machine or managed attribution platform or something else that's isolated from my typical environment? The answer typically is yes, I think for almost everything. There's, think some limited cases there maybe looking up in a database or something that's already attributed to you that that's different, but clicking an untrusted link and you want to kind of pursue that. However it goes, definitely you want some isolation between you and that content.
Robert Vamosi (07:38.567)
And it's also not just the overt stuff like checking your personal email or your banking. It's something like looking up the weather in your local community and then the sports scores for your local community that starts to geo locate you. And you might not think these things are related, but they are.
Matt Ashburn (07:57.682)
That's very true. I think there are sort of two buckets of how you might get noticed. One is that what I would say maybe the technical attributes, right? So how you appear overtly, right? So the network space that you use, the IP address, the platform that you're using, whether or not it's isolated or not, however that looks, the technical aspects and attributes associated with your platform that you're using to do research. The second bucket is I think behavioral attributes that you are responsible for.
Each person is different. Each person has a different writing style. Each person has a different way that they perform queries when they craft a query in a search engine. Very small details like that can make a big difference and can help identify a unique person. So I think, yes, all of those things are very important and the behavior is one that is many times overlooked. How you visit sites, how you revisit sites, how you go down into different rabbit holes. Those are certainly ways that can uniquely identify a particular investigator as well.
A.J. Nash (08:54.865)
Yeah, that makes sense. Sorry, go ahead.
Robert Vamosi (08:55.295)
So that's OK. I was going to piggyback on that. The whole behavioral stuff is very interesting because it can get down to how fast your key clicks are. If you were just drumming your fingers, we could tell if you're left-handed or right-handed. Those sorts of things are revealed. Very hard to mask that as part of your new persona, I would think.
Matt Ashburn (09:20.2)
That's true and I think there are even some more basic ways, right? So platforms don't necessarily need exotic AI enabled detection mechanisms to notice you, right? Your typical behavior can probably be enough. So for example, most people will land on a page and immediately quickly go to the information that they want, right? So maybe you go to the about page, then you go to contact and then go to policy, go to their linked social, whatever that is, LinkedIn or Twitter or whatever, or sorry, X, whatever it is, right? And then go into sort of like who is style.
pivots from there and then go back to the web page again. It's very efficient, right? But it's not the behavior of a typical user that would be browsing that page casually. Clearly you're going in there with some kind of intent other than just casual browsing of the website.
A.J. Nash (10:04.721)
Yeah, it's a good point. mean, a lot of people, if you've done this for a while, like we all have habits, we all have patterns, right? I do things a certain way. Some organizations have checklists too, of course. And then you're following the, you know, the organizational checklist because you don't want efficiency and effectiveness. But meanwhile, now you're making yourself very obvious. But even if you don't, people have been doing this a long time. We all have certain tools that we like over other tools, certain, you know, orders of operation, how we're going to do things. It just becomes normal, normal pattern of life, right? And I've done pattern in life analysis, you know, in reverse on like terrorists and things like that. And you see it all the time.
Terrorists and criminals have patterns of life too. For me personally, and this will sound like a plug and I don't really care. I mean, I've been using silo for over a decade. It's part of the reason I liked it so much when I was first introduced was it took a lot of the stupid out basically, know, clicking on links. Okay, well now I'm not going to affect myself anymore, which is great. Great, I'll have a workspace for my personal stuff that's a different, totally different location.
You know, so I don't have to move around, at least I'm segmented, right? There were some things that kind of took stupid way. I'm listen for those who know, and most people do, I'm, I'm wildly ADD, which means it's very easy to do a lot of things in a lot of ways, but also lose track of where you're doing the thing. And it's, you know, everything's a little out of order. Things get done, but it's a, can be a little chaotic, mostly inside the head of somebody who's ADD or ADHD. And to me, that was one of the big things about this tool. So it's like, okay, I'm not going to make as many.
Stupid mistakes, you know, it's it's easier to be able to say okay. This is where I'm gonna be here This one would be there and then you know kind of get into that quicker Because again, you're in a hurry, you know, I'm not immune. I'm sure none of us are everybody's clicked a link Everybody's click like my god. Why did I click that? And so it was nice to know I had a system I not to worry about that anymore I'll do with the customers like you're dealing with everybody, right? So, you know, what do you see in that space as far as you know, the folks who are like heavy research oriented or just people who are like
Hey, I just don't want to make a mistake and, you know, screw up my company. Like, is there a lot of both out there?
Matt Ashburn (11:58.54)
A lot of what? Sorry. yeah.
A.J. Nash (11:59.635)
A lot of both kinds of users out there, like those who are just worried about, I don't to make a mistake versus those who are, you know, deeply into, you know, different personas and the chase.
Matt Ashburn (12:08.75)
100%. I think at Authenticate, we have customers of varying maturity levels, right? And different use cases as well. You folks that maybe are doing quick lookups in response to a KYC task, a Know Your Customer task. might be there at a financial organization, something like that. They need to verify the details of the customer that's been submitted. So, very important that it gets done efficiently, right? So, and effectively and safely. So, of course, we're use case for that.
But we also have things like customers like cyber threat investigators, right? That maybe need to go online and engage with a phishing page or something like that. Some kind of potentially malicious content, a different type of attribution is needed there. And also different, maybe different concerns there. Not necessarily OPSEC oriented, but more of a safety security oriented is the priority there. Of course, the benefits are good for all of those. So the other thing that I've seen in the customer base is most recently,
the adoption of what called CAI datasets, commercially available information datasets. Lots of data is out there, lots of it's for sale. And the reliance on that is becoming increasingly popular. The worry that I have though, is that I've seen some folks, not all, but some folks rely on that to the point where they're no longer corroborating and verifying that information. And that's something that concerns me little bit from a Tradecraft perspective.
Because yes, the data sets that are out there, the threat intel databases that are out there, the personal information databases, location databases, all of these things are very useful. But when it comes down to it, you really want to make sure you don't have a single thread there. You want to go and corroborate as much of that as possible.
A.J. Nash (13:38.899)
Mm-hmm.
A.J. Nash (13:52.369)
Yeah, I mean, you're right. And I think we're all moving so fast and there's lots of tasking. So there's always lots of pressure, right? And human nature is to take a shortcut. It's not, you know, it doesn't necessarily make us evil or lazy or whatever it might be. It's just, we're efficient. We're geared to be that. That's evolution, right? So like you said, if you see these databases and you trust it, you check it a few times, you check it many times. Like, there's a trustworthy database. It's just so easy to go, yeah, I got to get it. I got to move on. Right. And you do that two or three times, but they're not always going to be right. You got to check things and then, you know,
throw AI in there and how quickly people want to trust whatever AI tells us because, he's my buddy. He sounds just like me now. Yeah, of course it does. And it loves you and thinks you're brilliant too. you know, it's, I wonder what you've seen or what your thoughts are on, those challenges as you know, finding that spot between, you know, always say timely, accurate, relevant, right? That was like the three biggest things in Intel complete as another one. And there's a couple more, but
What do you see as how hard it is or how people are managing to balance that piece between I need it now and hey, it's got to be right and you got to do the work. Like how are people managing that well?
Matt Ashburn (14:57.518)
To be honest, think that a lot of places are still figuring that out. They're dealing with this challenge. It's a common challenge that affects multiple organizations at the moment. As you said, there's a, on one hand, significant pressure, and rightfully so, to make work more efficient than it is today and use AI and LLMs and other applications of AI to make work more efficient. Great. All for that.
but you can't lose the accuracy, you can't lose the integrity of the investigation. And that's where I don't think most organizations have figured that out yet, how that balance exists or where that balance exists.
Robert Vamosi (15:38.249)
So I think there's going to be a challenge bringing in younger people who are more digitally raised versus us. I'm just going to loop all of us together. That may be fair or unfair, but the old school way of doing research. Well, I think the convenience. Yeah. And there's the convenience of it. It's
A.J. Nash (15:49.989)
These gray beards giving us away, are they wrong?
Matt Ashburn (15:51.17)
Yeah.
Are you saying that they're less patient than us? I think there's an element of that, I think.
Robert Vamosi (16:04.359)
It's like this answer came back and this is what I'm used to seeing when I use AI in my personal life. So why would it be any different if I'm doing OSINT or Intel?
Robert Vamosi (16:17.693)
There was a question somewhere in there but
A.J. Nash (16:19.187)
Well, I think you're right, though. think I think you're right, because also, like, I don't know about patients, I'm sorry, maybe some of us, but we were just taught, right? Like you said, these we're getting to the point where generations that are they aren't they aren't coming up and then the Internet's coming up behind them or tech. They were in it like they are. They are born and raised inside tech. Like we're not having generations come up that will never know life before. I like that's going happen really rapidly. Right. And so everything is geared to faster and faster and trust the tech more, et cetera.
Matt Ashburn (16:19.982)
I agree with you. Yeah.
A.J. Nash (16:49.235)
And people are teaching old school research less. know, the basics are, let the machines go do all that stuff. Focus on the analysis, which is great. We need to do that. You got to know where the sources came from. your analysis will be fantastic. But if you don't know how to do source selection and how to do validation, it all still comes back to that. I do fear that we're going to go so far on that path that we're going to lose research. know, hopefully journalism sticks around because journalists are trained like you know, Rob.
Like that's a big part, right, of how to do it and the same thing on the Intel side. But I don't know what you guys have seen in that space.
Robert Vamosi (17:17.406)
Yeah.
Matt Ashburn (17:23.95)
Yeah, I'm thinking back to a professor I had in college, in engineering school, and he stressed the importance of getting down to not just the secondary and tertiary sources, but getting down to the primary sources for information. And it was really surprising, you know, when going back and, of course, back then, you know, 20 years ago, dig through books, imagine that, we had books that we had to go to a library and actually find the physical book. But, you know, some of the primary sources for some of this engineering writing that I was doing was
A.J. Nash (17:34.513)
Mm-hmm.
A.J. Nash (17:45.491)
You
Matt Ashburn (17:53.711)
you know hundreds of years old in some cases and you know He stressed to us don't accept this fact just because it's been repeated Go back and find the original source. I think there's a an anecdote there that applies to OSINT as well, right? You know go to primary source. That's still important I think the challenge is as you know today Jay, you know, how do get this this new generation? To acknowledge that or to value that I don't know. I don't know the answer to that frankly
Robert Vamosi (18:21.503)
So you mentioned journalism, and I'll just say that it's the personal reputation of the reporter that's online. It's my integrity that's going to be questioned if I get something wrong. So I feel compelled to track down and make sure that I know enough about the source to vet it and say, I'm going to go with the source. I wonder, though, if I'm doing OSINT for a corporation or if I'm doing OSINT for the government and doing intel work of that.
if it's just it's a job and that integrity isn't necessarily there for for some of these people coming into the field today.
A.J. Nash (19:00.263)
Yeah, I agree. Go ahead, man.
Matt Ashburn (19:00.706)
Yeah, I was going say, and I wonder, I agree, and I wonder what the reward system there looks like. What is the motivation of that individual? Is the incentive package there geared towards accuracy and some efficiency there as well? Or is it more efficiency? I have a guess in my head of what that would look like for most places, but that's an incredibly important thing to get right.
A.J. Nash (19:26.291)
Yeah, I think most biased of volume. And again, if your name isn't even on it, if it's just the company name, just the company name, right? You're out of school. It's just a job to you. They're grinding you up. You got to do twice as much work as you really have time for. It's not your name on it. Nobody's going to remember who wrote it, right? I relate to what you were saying, Rob, in that in the Intel space, right? There's a humiliation to being wrong. I mean, you want to be right. Obviously, in Intel, for us, we always had the whole, hey, know, this could be bombs on targets. This is life and death. You know, got that. Journalism runs into that occasionally where people can be harmed if the reporting is wrong.
But your name's on it, There's accountability. You have to take it seriously. We always understood the importance of the work. And I don't know if that's always available now. And this isn't a shot in any way. There's a million companies doing a million things. The private sector is flooded with lot of content, right? And sometimes there's not time or energy or accountability. Even if you do something terrible, a lot of times it's gone, right? It disappears in a day. it was terrible. We'll just pull it down. Nobody will remember it. Let's move on. And so, you know, there's just volume and volume and volume without that sense of
pride you're talking about, Robert, or just fear, you know, being wrong, being humiliated. It seems like a lot of that's just kind of faded away.
Matt Ashburn (20:35.308)
Yeah, I think this is where there will have to be new trade craft developed with AI and these new efficiencies, AI, CAI data sets and all these other things that are available these days. You need to create processes that consider the trade craft, right? It can't just be a simple, go collect this information from a database or wherever you can get it, but go collect it, verify it, corroborate it, use these tools. There has to be something else there in the checklist or the process, right? It can't just be driven by go get the information because
If you're end goal and if you're being graded on obtaining information, great, cool. Who cares if it's right or not, right? But I got the information. That's my incentive. I'm incentivized on that. Then you're going to get whatever you get. And that's not good. The outcome may not be immediately apparent to some. I use the example, let's say, of a KYC analyst, a fintech company, right?
A.J. Nash (21:12.179)
Right.
Matt Ashburn (21:31.759)
They're processing, you know, records, it could be hundreds of records maybe in a day. A huge volume of people that are applying for accounts or whatever they're applying for. And you have to verify that they are who they say they are and that they're allowed by law to have access to your platform. Heavy responsibility there. Getting the incorrect information, saying no. Okay, maybe the company has saved some risk. But what if you get that incorrect? What if we get that wrong? Now you have a person who's out there who's needing a service.
can't obtain it, their business is affected in some way. And now there's some reputational harm perhaps to your organization as well.
A.J. Nash (22:11.667)
Yeah, there's lot of the dangers in trusting data that you can't verify, right? And you said, it's funny, by the way, you mentioned like going to libraries. For anybody who doesn't know, any of younger viewers or listeners, there's no control F on library books. It's a lot harder to research in a book than it is now on anything you do. There's no control F. There's no, there's no, there's nothing. Yeah, it was a big hassle, frankly. I remember those days, but you'd also mentioned circular reporting. You said something that's, you your professor had said, just cause a lot of people said it doesn't make it's true.
Matt Ashburn (22:21.752)
Yeah, that's right.
Matt Ashburn (22:31.854)
That's right.
A.J. Nash (22:39.987)
And I just had this discussion with somebody earlier today and how dangerous that is. And understandably, hey, I've got something I think is, you know, interesting. Okay. Where's the source? Well, it's come from a whole lot of people. And I think, you a of people follow those people at something like, yeah, but that's, that's not the same. And, and, and it's not their fault. It's not your fault. It happens all the time. You know, even an Intel, we run into that and you go, no, let's get all the way back to the original. Oh, the original was a post on Facebook from an nobody, somebody nobody knows.
Matt Ashburn (22:57.282)
Yeah, all the time.
A.J. Nash (23:05.188)
It happens, right? We've seen things. Yeah, we've seen things that get out and become widespread. And then you find out the original was actually, you know, like a joke somebody put on 4chan or something like, my God, but nobody remembers that anymore. And so it's so important to get back to that original, that primary source, you know, is just because report a lot doesn't make it's right secondary, you know, reporting or circular reporting could be intentional or unintentional, or somebody, you know, mistakes something and changes it a little bit. I think it's a key point you made about getting back to that primary source, which is hard.
Robert Vamosi (23:05.737)
Two followers.
A.J. Nash (23:34.001)
and takes time and that's why a lot of people don't go all the down that path.
Matt Ashburn (23:35.939)
Yeah. And it's important to get back to the primary source, not only for accuracy, but also for the context around whatever that fact is, right? Maybe there's a fact that exists, whatever that is. Why does that fact exist? What is the impact of it? There may be good reason for that, right? Maybe on the face, there's something that looks nefarious or looks like some kind of negative mark against someone, but dig a little bit deeper. There may be a reason for that. It may not be as bad as you think. And I've seen this bubble up.
A.J. Nash (23:42.097)
Mm-hmm. Yeah.
Matt Ashburn (24:03.212)
many times in supply chain reviews as an example is what I'm thinking of. my gosh, this is terrible. You start peeling back the onion and you're like, okay, well, let's compare this vendor to other vendors that you have. okay, well, the risk that you're thinking is like the worst thing in the world really is something you've already accepted elsewhere. You just don't realize it. So not trying to minimize things there, not trying to minimize risk, but really to put a realistic view on it and put that context around everything.
A.J. Nash (24:22.227)
You
A.J. Nash (24:32.381)
Yeah, definitely. Well, Robert, I'm sure you also have journalist background. The importance of getting the primary source. Sometimes it's about getting credit, too. Like that's not a minor thing. Let's make sure we get back to the reporter who's the person who actually broke the story, right? The person who has the firsthand knowledge. I'm sure that matters in journalism, too.
Robert Vamosi (24:49.427)
Yeah, in my book, my first book that I wrote, I had this Prague reporter that broke a story and I had used it at CNET. I wanted to use it in the book. I actually tracked that guy down in Prague to make sure that what he was reporting was in fact accurate and acknowledge him in the book. You know, he was the primary source. And the reason that chapter exists in the book was because he did the legwork and I wasn't there.
I wasn't in the Czech Republic, so I couldn't vouch for it. you're right. It is acknowledging other people and giving them credit where credit is due. But what my original point was was like a journalist, you're surviving on your name. And when I was at Sina, social media was starting up and everybody was like, oh, should we put a handle? Should we do this? It's like, no, you put your name because your reputation is on the line. And if you post something, it's your name. you know.
A.J. Nash (25:31.208)
Yes.
Robert Vamosi (25:45.949)
We were all into the byline and it was very important. And if you get things wrong in the security world, this has happened where people have been, well, not trusted anymore and they don't get the leads. They don't get the stories. They go away and they start reporting other things because you know, your name is what it is at the end of the day. And so I think your point was made earlier with OSINT. A lot of it is just bundled up into a package and given to
whomever requested it, and the individual names aren't necessarily there. So the reputation of the individual intelligence officers or agents or whatever aren't necessarily surfaced.
A.J. Nash (26:24.115)
It's funny you mentioned because I've worked in organizations where that was like policy. We don't put our name. It's just it's all the or it's the idea was, you know, no, me, me, me. Right. I hadn't thought about it from the flip side. What do you think either of you both of you should we be making sure people are putting their names on? I the orgs there too, of course, but shouldn't we put everybody's personal on it so they do feel like, I have more responsibility and more attachment. get that we don't want people beating their chest about how great they are. But maybe we've made a mistake by doing that. And we've we've taken away accountability, responsibility, ownership.
you know, feeling there that maybe is something we should consider again. I'm curious what you guys think on this.
Matt Ashburn (26:58.702)
I think you might ruffle some feathers with that statement, but I'm all for it though, because I think that's the way you hold people accountable, right? And that's the way you hold yourself accountable as well. If my name's going on something, I want to make darn sure that it's going to be accurate as much as can, right? And I might not weasel out of things, right? So there's a tendency in Intel, for example, there's the Sherman-Kent scale, if you guys are familiar with that, right? So going, you know, almost, almost,
A.J. Nash (27:22.449)
Yes, absolutely.
Matt Ashburn (27:27.534)
There's certainty all the way down to Uncertain right and in between in the middle there somewhere like 50 % sure something is likely I think it's like 60 % or more It's like most likely and a little bit more almost certain right is like 90 % almost certain well you might have Looking at all the data you might say man. Yeah, this thing's almost certain if you don't have your name on it But if you have to your name on it where you're now accountable to that and you're saying
A.J. Nash (27:52.028)
Mm-hmm.
Matt Ashburn (27:56.847)
Well, this thing, whatever this thing is, is almost certain to happen or the situation on the ground in this country, let's say, is almost certainly reflects this. If you have to put your name on that, you're going to make sure it's correct. And you might start to think a bit more about your confidence level there and make sure you're a little bit more precise. Maybe you'll downgrade that to maybe it's likely instead, but no harm in that, right? But it exposes, I think, the confidence level that you have in the product. And can I think, open up some additional...
additional places there for others to contribute.
A.J. Nash (28:29.811)
That's a really good point. know anybody who's worked in this space, anybody who's done Intel work in this space in the private sector has written something that went to marketing and marketing went, why are you saying, you possibly, probably more likely than not, that's not gonna that sounds in pop, you know, let's can we just say this is gonna happen? And it never occurred to me, you know what you put your I mean, I've said I won't put my name on it, but I shouldn't just got you put your name on it, put out in public and tell me how you feel about that. Like, there's there's a reason I've explained the Kent scale and why we do it in this supporting evidence. But I didn't just go so far as go.
Matt Ashburn (28:31.01)
you
Matt Ashburn (28:44.546)
Yeah. That's right. Yeah.
A.J. Nash (28:58.267)
No, you put your name on it. This is, this is reputation. It's important. And maybe, and I get it. And marketing has a reason for doing this, right? I'm not trying to vilify work with marketing. I'm saying I love marketing, but it's easy to say how, you know, go for the big fiery pop when it's not your ass on the line later on, basically. yeah, I think maybe we just hit on something. I don't really thought about, maybe getting back to putting people's names on things, forcing them to slow down and think about it. Cause like you said, Robert, their reputation, our reputation still matter in this industry too.
Robert Vamosi (29:28.615)
It could it could expose the analysts to personal risk, though, if it's identifiable. I get that. mean, my risk is different as a journalist than an Intel agent. So, you know, an analyst. So I think you got to factor that into that as well. But maybe maybe you identify them by suiting them and you build up that profile as you know.
A.J. Nash (29:34.739)
Sure.
A.J. Nash (29:42.707)
Good point.
Robert Vamosi (29:55.261)
This analyst is particularly good. I recognize that name. I can vouch that, you know, her quality is always above what I would need and therefore I'll go. I mean, you you're creating your own primary source here by you vetting that.
Matt Ashburn (30:09.486)
You know, I'm smiling because I'm thinking of my internship in college. It was with the US Army until Outfit in Charlottesville. And there was a really smart analyst there back doing cyber stuff before the term cyber was even around. You know, it's like 2003, something like that. And I remember meeting her and she told me about some of her products that she had written. And it was fascinating because something that stood out that just got
Somehow you plucked out of the back of my head there, Robert, when you were saying that. But something that she said to me was, yeah, you know, I'm actually keeping my maiden name on the system. I haven't changed it yet with the government records because I've created a bunch of products and I don't want to lose my reputation in the community. Because this particular agency, they would in fact put your first name, last name on the products that you wrote. So there was a bit of reputation there. that's something that, least her, it was valuable enough to where
She didn't even want to change her name at work. She kept her maiden name instead of her married name to preserve that reputation.
A.J. Nash (31:14.685)
Yeah, it's interesting. I've seen that in other cases. are similar versions of it, right? It's because you do build your reputation. And ultimately, in the Intel world, not only journalism, guessing, your reputation really does become everything. If you're notorious for somebody who makes wild predictions that don't come true, who says overconfident things, and you check their sources, and they don't support it, you don't do that for very long before people stop asking you to write reports.
You know, the Intel community does self-correct in a sense if you're consistently wrong And unsupported like you can be wrong, know, it's it's hard to predict the future right that no one expects that but if you're consistently not following procedure You don't have the right supporting evidence for your confidence ratings, etc. You won't do Intel very long It's a self-correcting system Conversely if you're good at it you get that reputation too and then you become the person that they go to you know And I've worked with people like that where you go into an office and you know, the general is coming in or you know that
Matt Ashburn (31:40.43)
100%.
A.J. Nash (32:09.607)
the SES, well, you know which desk they're going to. It's gonna be her or it's gonna be him. They're not coming over to that guy. Like they never talked to him in years. I don't know why he's here, but it's gonna be one of them for sure. Cause we know they need a real answer and those are the people they really trust. So that reputation matters. So I can see why somebody would want to make sure not to get lost in a shuffle.
Matt Ashburn (32:18.364)
a hundred percent.
Matt Ashburn (32:25.87)
That's a great point. And I recall when I was downtown here at the White House, there were certain agencies that we would go to for certain things. And there are some that we would just say, all right, well.
A.J. Nash (32:35.057)
Yes, and ones you don't by the way. Are we out of options? Do we have to ask them?
Matt Ashburn (32:43.65)
We'll go to them some other time. Not to cast dispersions, I suppose. But there are certainly some groups and organizations and even agencies in the federal government, just in that space, that have a very solid reputation, especially for certain subject matter, because they're the experts. And they have developed this with expertise, with making sure the sourcing is correct, making sure the analysis is the best that they can.
A.J. Nash (32:50.397)
Christ, yeah.
Matt Ashburn (33:12.214)
make sure they contextualize the risk and contextualize the uncertainty as best they can. And that produces valuable intelligence that informs policymakers. And I think you can apply the very similar framework to a commercial space. If you have a commercial organization, similar thing, right? Just change the words around here, change the terms we're using. But similar concepts apply there as well.
Robert Vamosi (33:38.492)
Anything?
A.J. Nash (33:39.625)
I was holding up for you on that one. I can jump in, I was seeing if you hadn't done it before I stepped on you, because I have a tendency to do that. No, I absolutely agree. And we have seen that. Yeah, I'm going to start doing this or something. I have seen that in the private sector, though, that we have situations where there are, we all know some groups who are really, good at doing their Intel. know, there's,
Robert Vamosi (33:43.103)
Please.
Robert Vamosi (33:47.443)
got to work out the hand signals.
Matt Ashburn (33:49.358)
Or some sound effects maybe.
A.J. Nash (34:03.165)
First all, the financial sector tends to lead the way. They have the most money invested. They understand security generally the most because people went robbing banks and they've been banks. So it's kind of a cultural thing. Nobody's been stealing patients out of hospitals. I say this all the time. That's why healthcare tends to lag behind. It's not that culture, right? It's a different thing. But even within that space, we know of some organizations that are really good and some that maybe aren't yet or they're working to get better. It's the same thing. And we know, everybody I think knows some vendors are good and some vendors you go, don't like they're selling. That's not what you're going to want to buy.
and, they all, again, self-correcting, usually it sorts itself out. So we see the same thing in that if you take the time to pay attention, I just, again, time is where we end up coming back to is. Does anybody have the time? Does anybody take the time? Does anybody care? You know, I hate to say that, but I'm starting to feel that sometimes. Does anybody care? Other organizations have just said, you know, breaches will happen whether we try or not. And we'll work on PR and, know, an IR and just, I fear that some people have just gotten to that point either because it's pragmatic or because there's financial reasons or just exhaustion.
Um, you know, how do you, Matt, was a tough question for you. How do you personally talking to clients and customers and getting out in the environment and the community help people stay energized and excited about the positive sides of what we do and the positive impact we have in a world where it's exhausting and never ending.
A.J. Nash (35:26.447)
That's why I don't think I got that one
Matt Ashburn (35:29.048)
to edit this a little bit. How do I help the customers remain engaged and motivated?
A.J. Nash (35:34.513)
Yeah, how do you help them stay focused and positive and show them that there's a reason to keep doing this and that we can win? Or do you? How does that work when you're out in the field with people?
Matt Ashburn (35:45.839)
Yeah, that's great question. think I'll give an example. Actually, was in district con just down the street here this past weekend, by the way, great hacker conference tickets sell out like 21 seconds this year. Great group of folks. And I can't tell you how many people came up to me at the conference. They're either introduced to me or they knew me before. But I said, my God, you're from silo. You're from authenticate. Can give you a hug? And they gave me a huge hug. And I'm like, this is this is crazy. Like how often as like
A.J. Nash (36:08.828)
Jeez, that's awesome.
Matt Ashburn (36:13.102)
software vendor, know, how often does a software vendor, have somebody come out and give you big hug because they're so excited to see you. Someone else says, no, it is a hacker conference.
A.J. Nash (36:19.891)
Did you pick your pocket? Just checking. That's what I'm saying. It's an agri conference. They put a put something on you.
Robert Vamosi (36:21.768)
you
Matt Ashburn (36:27.244)
Hey, it's funny that you mentioned it, by the way. I'll go on a little tangent here, as I want to do. Actually, I snuck into the hacker conference, which was great. And I went up to the, I won't say who, but went up to one of the organizers and I said, hey, I'm looking for registration. She's like, but you're already inside. I'm like, yeah, but I don't have a badge. gotta get the registration thing, you know? She's like, how did you get inside? I was like, well, it is a hacker conference after all. She's like, good point.
A.J. Nash (36:35.635)
That's the way to do it.
Robert Vamosi (36:54.655)
you
A.J. Nash (36:57.235)
They should give you a free badge for that. I figure if you can hack into a hacker conference, you should get a free badge.
Matt Ashburn (36:59.618)
Maybe for next year, that'd be great. I'm going to try to get next year, we'll see. But I was honest, so. Anyway, there was more than one person that came to me at this conference, though, and relayed the impact that we had. And I'll say that many times, sitting on this side of the fence, it's difficult to understand some of the impact we're having. Because we don't speak one-on-one with lot of customers. We have customer summits and things like that. have
you hundreds of people that attend and you get little snippets here and there, or maybe we go on site to a customer. But again, that's just one customer that you're visiting at a time. This is really, they're really incredible. Someone gave me a big hugs and oh my God, you're from silo. Someone else said something to the effect of out of all the tools that we use, I look forward to using yours the most because it actually works and does what it says it's supposed to do. Great. mean, when you think about it, that's pretty simple, right? Create a tool that works. It does what it says it's supposed to do and
A.J. Nash (37:53.041)
Yes.
Matt Ashburn (37:56.243)
easy access or whatever the third thing is there. But we do that, right? And we can't lose sight that there is a need there to go online. There is a need to go on and obfuscate who you are. Protect yourself, protect your organization. These are all things that should be common sense, I think. And maybe we take them for granted because we've been working in this space for so long. But there are folks out there that otherwise would not be protected by this, right? This is a...
This is a very serious issue. We're protecting not only the organizations, but also the person. We're protecting the investigator or the analyst, whoever it is sitting there performing this research. So for me, that's the motivation that's for me. And I think at our organizations, the customers, there may be in some organizations, there may be less mature. There may be some initial education that has to occur, some trade craft training and things like that have to occur. Once people understand the risk, once the investigator understands their personal risk, especially.
That's a great motivator in itself on top of doing a great job ensuring you have a good reputation Creating a great work product all those other good things that we want to do
Robert Vamosi (39:04.265)
So do you have discussions around direct engagement? Are people getting that? They're recognizing that it's not just the alerts coming from their socks. It's like they have to go out. Fine.
Matt Ashburn (39:13.516)
I hate that term. We might have to edit that out, but I hate that term. Direct engagement. No, no, it's a marketing thing. I know. no, look, I'm not going to get in middle of this. There's a whole website probably built. There's a slick sheets probably built and you know.
Robert Vamosi (39:19.945)
What would you prefer I say?
Robert Vamosi (39:25.107)
Well, I'm marketing, so what would you prefer that I say?
A.J. Nash (39:26.478)
Hahaha!
Robert Vamosi (39:33.137)
Okay, so direct engagement is what I'm hearing. You don't like that term and I shouldn't say that. Got it. So.
Matt Ashburn (39:35.822)
So, yeah.
I don't know, AJ, when I hear direct engagement, think of like, PSYOPs, that type of directly engaging with a group of people in some way to alter their opinions or do something. That's kind of where my mind goes. I don't know if I'm alone in that though.
A.J. Nash (39:54.163)
No, mean, it's like you said, it's always about finding whatever term is accurate and honest and doesn't cross some other lines. Look, there's certain other terms we're not allowed to use. People get sensitive about. So, you ultimately it landed on, Hey, all right. I think I might've actually been one of the ones who coined this one. So I own this. was, Hey, you're directly engaging with the people you need to talk to. So I think direct engagement is valid, but I get your point. It's always about perception and context, right? But being able to have firsthand access, I might've used first hand access, firsthand access.
Matt Ashburn (40:22.146)
Yeah. Ooh, that's good.
A.J. Nash (40:24.125)
to the adversaries, right? To be able to be in that space and protected and have firsthand access. Because again, you're the primary source. So I do think it comes back to that firsthand access and primary sourcing.
Matt Ashburn (40:35.618)
Yeah, 100%. Getting access to the primary source, that first-hand access is incredibly important. And people, I think, value that as well. Yeah, go ahead, Robert. You were going to say something there. Yeah. Yeah.
Robert Vamosi (40:44.191)
So I'll reframe my question. I'm going to reframe my question to basically say, are you finding that your customers that you talk to are understanding that they shouldn't be passive with the information that they're getting, that they understand that they actually have to do one-on-one with the adversaries now? They actually have to be among the adversaries to glean the intelligence that they need to do their jobs well.
Matt Ashburn (41:11.63)
Short answer, yes, absolutely. People value that firsthand access. People value being able to not only obtain the information that they need, but also, again, the context around it, right? Maybe there's, let's say, some threat database, some threat intel database has maybe scraped a forum, and you have, search a selector, and maybe somebody's username or email or handle or whatever it is. Now have their forum post in a threat intel database. Well, that's great. That's helpful. It's useful.
But I look at that as just a lead, right? That's something you need to follow up on. It's more of a starting point than anything. It's a jumping off point, right? It's useful. Great, this person used this forum on this date and time, but what else have they done on that forum? What else have they posted? What have they commented? What have they, who have they interacted with? Is there someone to see who they associate with on the forum? Maybe they're friends or something like that on this particular platform.
All of that's incredibly useful and you won't necessarily receive that from a Threadintel platform, just a quick query, right? So short answer is yes. I think the more experienced investigators and experienced analysts or researchers, they all value that context. And that's why it's incredibly important to make sure you do have that firsthand access.
A.J. Nash (42:29.819)
Yeah, you're right. The platforms a lot of times and they're useful, right? And I've worked for other companies. I've worked for companies that have these things. They said they're a good place to start. Hey, you know, is anybody talking about me in this cyber criminal forum? If so, alert me. Okay, that's good to know. And you should have that right. And you get those alerts. yeah, they are. Okay, now what though? Like, who are they? The fact that you came up? Does it matter? Are they threatening you? You know, are they are risk? Are they just somebody talking about your organization? Do they have credibility if they're making a threat, etc?
Matt Ashburn (42:43.01)
Very useful, very useful.
A.J. Nash (42:57.329)
And that you won't get, right? You got the tipper and that's a good place to start. And then, so normally you have one of two options. You either have to then ask that vendor for the custom service to go out and do the other questions answer. And there's more costs associated with it, or you've got to have the ability to do it yourself, which takes two things in my opinion. One of which is, the tooling, you know, to be safe and secure. The other one's the knowledge. You know, if you have the tooling, that's a, that's really, really important, but if you don't have the knowledge, it's still going to be pretty.
dangerous, frankly, you just can't. tell people all the time, it's the same analogy. Just because you can get into a biker bar, I wouldn't recommend walking in a suit and tie and sitting down and starting conversations like you may get in the door, but you don't belong. It's going to be obvious you don't belong. You're not going to get treated well, and it could be dangerous. So, you know, what do you think about that too, Matt, as far as, hey, the tooling is really good, but please, let's make sure people know what they're doing and understand, you know.
This is this helps, but it is you're not going to get what you want unless you also know what you're doing and have the experience and the knowledge and the training.
Matt Ashburn (43:59.695)
Yeah, 100 % agree. And I would add on to that analogy, right? Going into a biker bar, it's like the anecdote I had earlier where I said, sometimes your behavior could be a tell. So if you go to a page, you go to contact us, go to policy, click on some things, perform a quick who is lookup, then go back to the page. Okay, that looks a little strange. Doesn't look a typical user. Just like going into a biker bar and start like pestering everyone with questions.
A.J. Nash (44:11.207)
Mm-hmm.
Matt Ashburn (44:27.618)
Where do you guys hang out? What do you like to do? who are your contacts? Who else do you hang out with? What are those patches? What are those all represent? You go in there and immediately start accessing those things and you're going to get some strange looks to say the least. And then maybe, maybe something else. So same thing online, right? No different. Just the effects of a misstep are less apparent and not immediately apparent. Typically it takes weeks or months or years to become apparent or may never become apparent. Maybe just lose access to that source or
you get bad information or any of other things that could happen, you know.
Robert Vamosi (44:59.977)
So the technology, our case, silo, can get you to the doorstep of where you need to be. We can put you anywhere in the world, and you can be right there acting as though you are a local. There is that behavioral aspect. The operator behind the session needs to understand the culture, needs to understand the expectations of that part of the world that they are in. Is that?
Correct, you can't just walk into something cold. You need to basically be briefed as to where you're going.
Matt Ashburn (45:34.627)
Sorry, I couldn't hear you. Somebody's chatting over here. I'm sorry, what did you say?
A.J. Nash (45:39.719)
Take two on that. was a good question. Take two.
Matt Ashburn (45:42.326)
Yeah, it sounded good.
Robert Vamosi (45:43.071)
So in the case of Silo, we can get you to your target. We can put you in that environment so that it looks that you are in that community that you're trying to investigate. But there is also the investigator themselves has to be sensitive to the cultural and expectations of that environment as well. mean, the technology can get me only so far. I have to be ready as the operator of that technology, do I not?
Matt Ashburn (46:12.622)
Absolutely, absolutely. I think the biker bar example is a great one. I'm to steal that for future engagements, right? You need to understand the environment before you go in. You can't just go waltzing in there. Even if you dress alike, perhaps, you obscure yourself a little bit. You put on a leather jacket, maybe ride a motorcycle, the things are. You're still going to stick out just in conversation that you have with someone, unless you're really familiar with that group, really familiar with that environment.
Same thing goes online, no different there, right? And there are many other analogies I think that we could probably come up with where you really need to know the environment, you need to know how people act, why they think that way, how they approach information, how they communicate. All of this stuff is incredibly important, right? It's almost like if you ever are in like a tourist city, right? Or let's say you go over to Europe somewhere, right?
start having conversation with somebody, somebody will immediately know that you're American, that you're not from that country. Or actually, even within the United States, you go to a different region of the country. You're like, well, you're not from around here, are you? Well, yes. No, I'm not. And they pick up on things. You may not know certain terms that they use. You may not speak a certain way. You may have a different accent. You may have a different car that's unpopular. You may have shoes that are in the local store, whatever. Things are endless here, right?
many different attributes and research is the same way. There are thousand attributes and you can't fix them all. You can't use all of them. You can't change all of them. You can't modify everything, but do the best you can. And also, take into consideration the risk, right? The whole thing is risk mitigation. You don't want to heavily modify everything just for a quick look up perhaps, but you do want some isolation and I want to obscure maybe your IP address. So maybe sort of a lower level there. And as you start to do more investigation or go up in
A.J. Nash (48:01.971)
Mm-hmm.
Matt Ashburn (48:07.692)
the risk, then you need to ratchet up your mitigations as well.
A.J. Nash (48:11.635)
Well, yeah, I mean, you talk about the whole blending. mean, demeanor is a big part of it, right? I mean, anybody who's ever been to Vegas in summer, you know, spot the Fed. It's been around forever, right? I mean, there's a reason for that. You know, oh, no. And I was in the government space. I actually helped coach people on how to avoid getting picked up for spot the Fed, which didn't necessarily work. Listen, you know, that high and tight haircut and that, you know, perfect posture and your your pronunciation is going to make it difficult. Right. You know, you can't show up with shine shoes.
Robert Vamosi (48:20.07)
You
Matt Ashburn (48:20.802)
Yeah. Yeah.
Matt Ashburn (48:37.23)
That's right.
A.J. Nash (48:40.147)
the perfectly pressed khakis and the golf shirt kind of a giveaway. but you can't coach people. Right? Yeah. Well, exactly. But you can't coach people out of some of that. I'm, 22 years in the military as an officer. It's a good chance that person's not going to have the lingo and they're not going to match. And it's really, hard to do that if that's not your background. And again, like I said, it's the same thing online. It's very hard to break the habits to not be who you are. Um, and, people will spot that. So it's, this is, there's a, there's a talent, there's a skillset here. There's a,
Matt Ashburn (48:43.79)
Don't use the acronyms.
A.J. Nash (49:08.147)
There's an art as much as a science and there's a danger and a risk if people want to interlope, they want to pretend and cosplay in these worlds. It can be very, very dangerous for them. At least there's technologies to make it less dangerous, hopefully. Worst, they might just figure out, don't belong here and ban you. At least you're not going to go track down your IP and do worse things to you. But to be successful, you got to have tools and talent. And I think that's big piece of this.
Yeah, listen, I know we could keep doing this. Rob, I'd go on for hours. He knows that he's the only reason we don't because he's good enough to keep me reined in because nobody wants to listen to this stuff forever. but I think this is very, very nobody wants to listen to me talk for I know that. But I find it fascinating. I'm so happy that you were able to make time to come on that. I know you've got this presentation coming up overseas that we're very excited about. I think you're in D.C. today. You're always moving around. And but for the hundreds episode to have like
The OG, right? The founder, like the godfather of Needles. The guy who named the show, you know, to be able to have you come back and talk about this. You know, I really appreciate you taking the time and sharing your insights on everything you see out there and how things are going in the community and how people can do a better job. I appreciate all the effort that you put out there to make the world better, man.
Matt Ashburn (50:04.206)
you
Matt Ashburn (50:07.956)
That's right. Yeah.
Matt Ashburn (50:22.165)
Thank you.
Yeah, very much appreciate that. And yeah, the name of the show, you mentioned that. The naming came about, kind of ties in with what we've been talking about actually, is that OSINT many times is trying to find a needle in a stack of needles. And so that's literally where the name came from. They were trying to find names that were unique in themselves, but also somehow described unique challenges to OSINT. And I think that's a great one, right? It really is many times trying to find a needle in a stack of needles. So you have to blend in, you have to...
A.J. Nash (50:36.723)
Mm.
Matt Ashburn (50:54.022)
Do the best you can to kind of go where the needles are, I suppose, and look like a needle or whatever. However you want to carry that out. Yeah, I don't know. But it's been an honor. I appreciate it. And I love how much the podcast has grown. And anytime, I'm happy to come back. Yeah. Thanks very much.
A.J. Nash (50:57.941)
You
A.J. Nash (51:11.815)
shit.
Robert Vamosi (51:12.255)
Well, we'll take you up on that offer, Matt. Thank you for coming here today and we'll invite you back for the second hundred that we do. This 200th episode that's coming up in the future. We'll make sure that we'll have a seat for you on that episode. So you can find the transcript of today's podcast, along with all hundred episodes of Needlestack on our website. If you go to authentic8.com slash Needlestack, which is authentic with the number 8 Needlestack, all one word. And you can find all those episodes there. You can also find us online. We're in all the social media tracks. So look for @needlestackpod. That's our handle and give us some feedback. Let us know what you like, what you don't like. AJ reads all of that. So he needs to have new content. So share that with him. And wherever you're watching or listening today's episode, please subscribe.
Matt Ashburn (52:01.027)
Hahaha
A.J. Nash (52:04.499)
You
Robert Vamosi (52:10.043)
We want to hear from you in the sense that we know that you're out there and we see every week that we're growing in audience. Let's keep it going that way. Tell a friend if you're enjoying this, tell a friend to join in as well. So for me, that's all and we'll see you next time on NeedleStack.
