Checkpoint - Bryan and Paul

Paul Barbosa: [00:00:00] any kind of intelligence gathering, right? Yeah. Like human intelligence signals intelligence. It's if the intelligence is there, but it's not shared, is it? Is it happening? It's, it's like the shared intelligence is like what makes it what? The only way to alleviate the blind spots I think is, yeah, is you've got exchange the context.

You gotta share the intelligence at machine speed. Because humans are too

Ashish Rajan: slow.

Thank you for joining for another episode of Cloud Security Podcast. I'll go two awesome folks here with the shiny one in the middle. Paul, maybe you wanna start with first yourself or a brief intro about yourself, man.

Yeah, definitely. Thanks for having us. Yeah.

Paul Barbosa: First of all, we've been a big admirer of the podcast. I appreciate that. We saw it definitely caught my eye first at the fashion week. Oh, nice. Yes. And said, who's this guy? And started looking at the content. Amazing guests. Always. So we're really honored to be invited. Thank you. And so I'm Paul Barbosa and I'm the VP of Cloud business unit at Check Point.

Ashish Rajan: Awesome. And Brian, returning guest brief intro, what yourself as well on

Brian McHenry: Good to be back. Ashish. I think, I don't know what I'll do at any conference if you're not there, [00:01:00] podcast with you. We're at Aldi conferences.

Yes. Yeah. So this is become a tradition over the last year. Yes. My name is Brian McHenry. I am the leader of Cloud Security Engineering on Paul's team at Check Point.

Ashish Rajan: Awesome. And talking about cloud, I think we are at RSA, and even in the last 24 hours I've been here, we've had conversations about cloud, we've had conversations about AI, we've had conversation about edge security.

So maybe just to set the picture between the world of edge security and cloud security maybe if you wanna give it a short version to explain that to how do you see that world today considering you guys have been in that space since a very long time.

Paul Barbosa: It's almost what's happening inside right versus the edge. That's incredibly dynamic and makes it super fun for us to have conversations with with our customers, with our partners, with alliance partners as well. Yeah. Because revenue runs on clouds course and the agility and the speed that people are delivering, like just groundbreaking, like applications to the world puts the importance and the focus inside the cloud. But the edge is still [00:02:00] there, right? Yeah. And the perimeters are falling down as they traditionally were speaking, but it's still, as we see it still important to have a federated strategy of what's happening on the edge.

And not just a consideration of how quickly you can deploy and the agility to deploy, but like the enterprise class. Effectiveness that people traditionally appreciated in their on-premise environments. Yep. Taking no steps backwards on the edge, and that's really the challenge is maintaining the agility, but also maintaining the enterprise grade prevention kind of first strategies that people were so used to in the on-prem world.

Ashish Rajan: Would that be the same for cloud as well? I don't know if you have some thoughts on there, Brian.

Brian McHenry: Yeah, I think there's increasing awareness around the cloud itself, I think as Paul's alluding to, has its own edge.

Paul Barbosa: Yep.

Brian McHenry: And cloud native tools quite often are not sufficient or not equivalent to the enterprise grade tools that we're used to.

So whether it's a web app firewall, it's a network firewall. The cloud native providers, whether it be [00:03:00] Azure, AWS, GCP and others, they have those tools available on their platform, but they're not enterprise grade in many cases. And so as enterprises mature in their cloud adoption, they're finding, Hey, I need to have the same level of security, same level, same posture that I'm used to on prem in my cloud edge.

Yeah. And not only that, to the point of the federation that Paul's talking about is, hey, even if the tools are sufficient in the cloud or if they were sufficient in the cloud, they are disparate. And in a multi-cloud world, if you're going from one environment to another environment, to another.

You have three different tools and three different clouds. And then you have your on-prem tools now that you have this tool sprawl. Yeah. And you start to lose context in between how traffic is not only moving in and out of those clouds, but between those clouds.

Paul Barbosa: Yeah.

Brian McHenry: So having a uniform type of tool at the edge of something that Check Point has been able to deliver a very cloud friendly, cloud oriented virtual firewall form factor.

Yeah. That's really changed the game in the way our customers have [00:04:00] been approaching their edge security in the cloud.

Ashish Rajan: That's awesome 'cause I was gonna say, you mentioned multi-cloud as well. There's not just a hybrid cloud, multi-cloud, private cloud. There is also this wave of Kubernetes, containers.

It's like a whole thing happening in there as well. And I guess maybe for people who would've had traditionally a network only in data center moving to cloud today. And surprisingly, there are people still moving to cloud today. And people who are moving to multi-cloud, people who are moving towards a mix of, I have acquired a company.

They have their own thing. What are some of the use cases in, in terms of edge security to what you said? What is the role for a full story of that whole a application all the way to, from the runtime perspective, all the way to the backend or the edge security? What's the use case there?

Paul Barbosa: Yeah I, it's interesting like as, as we have these conversations and nothing static. Yeah, there's the plan. Yeah. And then there's the reality that happens. And they were like, oh, we're moving these apps. And to your point, oh, we just acquired somebody. Okay. What's [00:05:00] their tool set?

And there's this period of like answering the questions in succession. Yeah. And so I think was is we're having these conversations. We hear a lot about, first we're getting our arms around it. First question is, what's my visibility? What's the posture inside of it? And they start asking questions about, okay what's vulnerable?

What's exposed? Yeah. And those series of questions chain themselves down a tool set. And then people are like, wait a minute. We need to do something about this. Not just alert. Yeah. And so that whole progression of CNAPP is what we see. And then it gets to be a bit recursive in two directions.

Like one is why do we have all these vulnerabilities in the first place? We should be shifting left more like catching these in the dev cycle. But then at the same time it's but how do we prevent at the edge? And so as people grow up through whatever strategy they had in the realities that they face, we see a lot of like, where do we bring consistency back?

Yeah. So that we have a modicum of control over like a, an environment that's like never static, that changes all the time. That you can't really anticipate [00:06:00] so much. So like where you can standardize, where you can get consistency, where you can pull the tool sprawl back.

Yeah.

That's a lot about like where we're taking our strategy.

Here's a foundation, like here's like the rocks of Gibraltar. You can like, really control what's going through these straits. Yeah. And give you time, right? Yeah. To go in and assess those needs of security that are so multi-layered inside the cloud,

Brian McHenry: I think, it's the evolution of defense in depth and applying it to the cloud and architecture, right?

So Kubernetes and those things sit at one layer of the public cloud and even the, even on-prem, right? So you have all these things that exist in layers and the ability to monitor and detect and respond at various layers. And even if we shift all the way left and we get really good code coming out, you still have platforms, whether it's an application server platform, a database, what have you, that are gonna have vulnerabilities over time and yeah, you're not necessarily gonna be able to patch at the rate of discovery.

Yeah. So you need, to Paul's point, you need to have those straights and those [00:07:00] bottlenecks that you can channel traffic through and ensure that, you have the compensating controls via those defensive players. Yeah. Defense in depth is probably the oldest concept in cybersecurity.

Yeah. And it remains the most relevant in my view.

Ashish Rajan: And zero days are a good example for this as well, to your point, you may patch, you may have the best code out there, but all it will take is one zero day that comes out and next thing or open SSH or whatever they think, right?

Heartbleed take so many examples that came out of people that one thought this should have been solved I don't know, 20 years ago. Why are we, why didn't we look at this then? So is that also where edge security has an advantage?

Brian McHenry: Yeah, absolutely. Because you can make policy changes on an edge security platform, be it a web app firewall, a network firewall that is much less disruptive than say, a patch of an application server platform, database platform, what have you.

So that, again, it's compensating controls. It doesn't mean I'm not gonna patch that vulnerability. It just means Paul's point. I can buy myself some time to respond. Yeah. Yeah. So it really is about meantime to [00:08:00] remediate, meantime to mitigate, yeah. Post discovery, whether that's a zero day or you're doing a vulnerability assessment, and I think that's where we have this advantage in partnering with folks like Wiz, where we get the context from the workload, we understand what's going on at the workload level, at the Kubernetes level then what can we do to. Remediate, provide better context to, rating those vulnerabilities providing other means of remediation other than simply, Hey, go patch this. That's usually the directive you get from your CNAPP is, that's right. Go patch it. Yep. And really what you would like is to have a an alternative to that, again a compensating control in your defense in depth model. Yeah.

Paul Barbosa: It's like the missing context right across the whole end-to-end security in the cloud. Yeah. I think for so long, these spaces have grown so fast and there's been so many great vendors coming out with like innovative security tools, right?

For emerging tactics, techniques, all that kind of thing that like is necessary. Yeah. But like in so many ways it was like, here's the tools. Yeah. Go [00:09:00] do something with these. And nobody's, no, I don't know anybody in security that's Hey boss I'm done with my projects. You gimme something else to do.

Everyone's so busy, so bored right now. We had nobody, I'm had nothing to do. So we took a look at our strategy and we thought this open garden, should be more on the vendors. To say like it, platformization and all that kind of thing to deliver a platform, we see that consolidation.

Yeah. Everyone does. But at the same time, like there should be connections that the industry makes and the connection and the alliance we signed with Wiz was an example of that where we said, look, just because something's vulnerable doesn't necessarily mean it's exposed. Yeah. And the compensating control, like the network cloud.

The cloud firewall knows what policies are there. Yeah. How come the CNAPP doesn't know that? Yeah. We should be doing something to help the industry and customers go, ah, okay, I bought some time. It's critical. It's not exposed. Yeah. So is it on the 3:00 AM list? Yeah. No, it's not. And we signed another we just announced a [00:10:00] a integration with Illumio .

Oh yeah. So we're trying to bring, this again, in the same way an open garden that says micro segmentation in the cloud is a legit, valid strategy to secure your cloud. Macro segmentation is also legit. Yeah. How come they're not exchanging context? And we brought those two contexts together where Illumio can read the logs from the cloud firewall and make better informed decisions on the policies with microsegmentation, we're having some fun with the analogy. And we were like, you've got a fine granular view of who's going into a house and what rooms they're going into and such, but we didn't have any information of who came in the city gate.

Yeah.

So we should be talking to each other and that's what's, that's what's exciting, for us right now is this fresh approach, yeah. So let's open this up. Let's integrate. For the benefit of our customers. 'cause everybody, nobody has time on their hands.

Ashish Rajan: A hundred percent. Would you say there are blind spots as well? Because I think as I hear this, to your point about not knowing someone who came through city gates, it's almost like making me also think that maybe a lot of people are not even aware that they have these [00:11:00] problems.

Paul Barbosa: So Yeah, totally. It's always any kind of intelligence gathering, right? Yeah. Like human intelligence, signals intelligence. It's if the intelligence is there, but it's not shared, is it? Is it happening? It's, it's like the shared intelligence is like what makes it, the only way to alleviate the blind spots, I think right is, yeah. Is you've gotta exchange the context. You gotta share the intelligence, yeah, at machine speed. Because humans are too slow.

Brian McHenry: And I think there's a, in a cloud maturity model, right when it enterprise is first adopting public cloud.

There's a presumption that the cloud is providing a certain amount of security. They've looked at the shared responsibility model. Yep. And they've mentally noted. Yeah. There's a shared responsibility model and some of the securities on me, but there's often early on in the cloud adoption, there's not a real serious cognizance of.

Oh, there are some things I really need to pay close attention to. Yeah. That, the cloud provider may not be providing me with what I need based on my enterprise's requirements, and that only compounds when they start to adopt multiple clouds. And need to assess each cloud on [00:12:00] its own merits.

So that blind spot often comes from presumptions of where the security is coming from. And what we see with the more mature enterprises in their cloud adoption is that they're very cognizant that, Hey, the cloud only provides just so much security, and I need to bring a practice to bear. I need to mature my own practice how I secure my cloud environments.

Yeah. And that's, it's a journey that we see a lot of customers on. In various stages. And I think one of our last conversations we talked about how there's 85% of like enterprises still aren't really in the cloud at all. Yeah. Which is really crazy to imagine. That's right.

That there's so many that are early in the journey.

Ashish Rajan: Yeah. We still talk to people in 2025 moving to cloud and you almost think wow, you're going digital transformation in 2025. And I think it's also a humbling moment you realize that, there's obviously what we feel is the majority versus what the real majority is as well.

So for people who are building security programs at the moment for 2025, and thinking about, a lot of enterprise already have a program, but they're uplifted for some of the things [00:13:00] that you might be seeing. First question is more around what are you seeing as the emerging trends in your space that you're seeing that people should be keeping an attention or keeping an eye on.

Paul Barbosa: What I'm seeing is the intervention of the security program at the architectural decision period of moving applications into a hybrid environment or purely, lifting and shifting. Because we see foundational blueprints to get the application going.

Yeah.

What does it need, what's the routing?

How do we make it available, how do we scale it? All those things that you need to do, right? To make the app work. And then those blueprint recommendations are like shared responsibility gets like shared, gets moved. Yeah. In a sense. And so like trends we're seeing for programs is who's making the call on the security policies that exist today?

And how informed is that architectural decision for that migration happening? Because we do see it split, right? Even in, in a lot of the partners that we work with here's the cloud practice and their mission is to deliver the [00:14:00] app. Here's our security practice, and it's are they talking to each other?

And as industry, what can we do to make the products facilitate? Yeah. That discussion. Yeah. So we see that as a, an emerging trend of making the connections again at the architectural decision layer, not, oh, we gotta set of tools now running and we wanna pull it back. We wanna apply this.

And it's hard at that point.

Ashish Rajan: Yeah. Did you wanna add anything to the trends you was noticing? I

Brian McHenry: mean, I think, multi-cloud still is the biggest trend I see is

Ashish Rajan: yeah,

Brian McHenry: enterprise is trying to master their multi-cloud presence and get their arms around the problem. And in the same way, a trend that's ongoing is, I can constantly hear CISO saying I need to consolidate vendors and to shrink the number of tools that I have to manage and multi-cloud only exacerbates that same problem. So I think those two things continue to be a trend that's pushing forward. And then to Paul's point, I think it's the trend towards remediation rather than just visibility.

Paul Barbosa: Yeah.

Brian McHenry: [00:15:00] Really trying to get more, more complete picture context so that I can say.

With some certainty I know that I've remediated this exposure. Yeah. Or I've reduced the risk of exploitation in some way, shape, or form. Yeah. So that, that has really become a big focus. We've seen a lot of customers saying, yeah, I've got all kinds of different things that assess vulnerability for me.

From the application layer, the network layer, the workload layer. So I have all these different tools for vulnerability assessment. Yep. What can I actually do to start meaningfully remediating and reducing the time to remediate? So that's a trend. And I don't know that all the tools have caught up.

This open a garden approach of integrating with, third party vendors, integrating with the clouds and so forth. Yeah. By, by doing that we can gain this better context that enables, faster remediation.

Ashish Rajan: Yeah, and I guess goes back to what Paul you were saying about by having the context across the board, I'm thinking more from a say you have edge security, but there's an incident that happens. At that point in time, it's very critical for you to know the entire context [00:16:00] for, to what you said. Is it a 3:00 AM issue or is it a I can come back to this 9:00 AM tomorrow morning.

That's totally fine.

Paul Barbosa: Yeah. Yeah. It's, and like from a trend standpoint too, it's what we see is of course we can't have the conversation without saying AI, right? Yeah. We have to at some point.

Of course, it's obligatory, of course, but it it's meaningful, it's real, beyond the hype, right?

It's like moving from alert to a ticket to a queue to an alert. Context informed. Yeah. And then where can AI co-pilots or AI ops help take action where it's appropriate? Yeah. Within the right bounds of, not breaking anything. Yeah. But we are seeing that as a trend and we all should be challenged with that.

How are you leveraging, what we hear, how are you leveraging .AI to make the operations and the response more immediate and focus on exactly what needs to happen. And you know where we're going with our alliance with Wiz is in that direction. Yeah. Okay. So we can say look here's Wiz and they've detected a vulnerability right.

In this Apache server. And it's bad. It's critical. Yeah. [00:17:00] And, the context reading the firewall policy is, hey, and we agree. Check Point agrees on the edge. There is no IPS policy here. Yeah. Yeah. Would you like to enable IPS on this, given the context? So we enrich the alert from Wiz. Yeah. We inform the security policy on the edge.

And then give an easy way for customers to take action. Yeah. That's the vision, right? Yeah. That we wanna deliver and we talk to customers, they're like, yes. Yeah. That is the right direction, right? Yeah. Bring these two things together, gimme context, but then make it easier for me to get out of the ticket to the queue, to the, gimme something actionable right now.

Ashish Rajan: Yeah. Because at the end of the day, that's what matters. Irrespective if you, it's not about, I've got visibility into 5,000 alerts. It's which one knows those 5,000 should I really care about right now?

Paul Barbosa: Exactly. Yeah. We always ask how many of what's the drift over? We hear that a lot.

What's the drift over time? I. So I've got 10,000 alerts. Is that good? Is that more than yesterday? Is it going down? What's the contextual enrichment that says what, okay, like now what did we take action on? What did we, yeah, [00:18:00] what did we prevent from happening?

Ashish Rajan: Security programs in 2025. Should they have, I would love to hear from both of you as well. Based on the trends you've gonna shared most enterprise that have multi-cloud, hybrid cloud, they all obviously have complexity going on at the moment. And there's a push for consolidation as well to what you were saying as well.

What do you see as people should consider putting in their security programs in 2025? People have had uplifted. Many people are walking these roads of RSA figuring out, Hey what am I uplifting? Or is this something I should include if I haven't included already? What are your thoughts on people who are out there looking for, what should they consider putting in security programs?

Brian McHenry: I think, cloud application detection and response or ADR, CADR, CDR, it goes by a bunch of different names. Thanks, Gartner. No. All the acronyms, but detection and response as it applies to applications in the cloud, I think is something that everyone should be looking at. You're in the cloud, you need to be looking at detection and response, because that's where the remediation we're talking about comes from.

And that's really, the points of integration that we're building with Illumio, with Wiz [00:19:00] is to improve detection and response. And I think that's where the rubber hits the road, like you were saying. Yeah. Like that. What can I take action on? What is the drift over time is this just whack-a-mole, like one alert down and two more spring up?

And that's, you gotta get to a point where you're starting to understand, am I reducing my risk over time? Am I improving my posture? Because ultimately you want to be, as a security practitioner, go to your CISO and say, Hey, at the end of the day, this is what our posture looks like. We're improving.

Yeah. From a gamification point of view. Am I improving? Am I getting, five stars today? Whereas I only had two stars, at the start of the year. That's the kind of thing you wanna be able to demonstrate to the business, yeah. So you can say that to your ciso and your CISO can then go to say to the business like, yes our risk is reducing over time.

We're improving our security practice in a measurable way. Yeah. And that's where detection and response can really, create that measurability on risk reduction.

Paul Barbosa: Yeah. Yeah. I think it's said, Brian and I do think it's almost visibility is we've answered that question as an industry, it's not enough anymore. That's right. Yeah. Like the uplift gets into visibility and. [00:20:00] Yeah. Visibility to action. Yeah. But we did have the challenge. There's no question we needed visibility, so we were all focused on just getting our arms around asking, answering those initial questions.

Yeah. What's my posture? And that took a lot of time. It took a lot of work, to normalize, like seeing into everything we needed to see. Yeah. Still work to be done, but I think like uplifting for sure is like taking that visibility to now action oriented outcomes.

Ashish Rajan: Yeah. And I guess. What I'm hearing from both of you is also, maybe people should have a closer look at the success metrics for their security programs.

Instead of, to your point, do I have visibility? Why not focus on, Hey what does my mean time to detection response looking like, is my alerts reducing over time? It's a lot more about. Hey, yes, you wanna consolidate, but are you probably even using the tools you have in the first place? So visibility would definitely highlight that.

We don't have exposure to most of stuff then you go back to that. But at least having a success metrics that do what both of you mentioned with over time, reducing [00:21:00] the time it takes to detect something, to respond to something that is probably a great measure, especially in a world which is, if you're going, if you're going with what the industry is saying with the AI attacks around the corner, where it's gonna be very dynamic.

Meantime to detection and the meantime to response is gonna be really quite crucial. Yes. Yeah. 100%. Yeah. I'm just excited for that, but I think those are technical questions I had. I've got three fun questions for you guys as well. Brian heard that before, but, oh I'll let you go first. Okay.

And then Brian can answer after you. The first one being, where do you spend most time on when and not trying to solve the cybersecurity problems of the world?

Paul Barbosa: Oh boy. I spend most of my time trying to figure out how to take. A tiny white golf ball and strike it and make it go where I want it to go,

Ashish Rajan: and actually hit the ball as well and actually hit the ball.

Paul Barbosa: I spend a ton of my off time when I'm not thinking about this obsessing, about what am I gonna do with that tiny white ball and how can I get it straightened down the fairway? Wait, is that a handicap for such a state?

Ashish Rajan: Because I'm in the [00:22:00] st same stage as you are, is that a considered.

Paul Barbosa: Let me give you an insider tip on this. And the golf fanatics out there may like faint when I say this keeping score ruins the game, really, I've come up with an entirely new scoring system. Yeah. Which I give my point, one point to me, if I hit one good shot per hole, it's a much more like relaxed way to play the game.

Of course. Yeah, that's my, yeah, fair. I'm gonna, I'm gonna use that.

Ashish Rajan: What about you, Brian? Has it changed?

Brian McHenry: So really just a lot more travel of late. My wife has been traveling a lot for her job, so we've been trying to interweave work and personal travel. So I've been to Switzerland, Portugal.

Oh, nice. Going to France later this summer. We're gonna see, go to Cannes for my, the first time, tagging along on one of my wife's trips. Oh, wow. Gonna celebrate her birthday while we're there. Yeah, so travel is the big thing. And then. The other thing is we I don't know why we did this to ourselves, but we're gonna put a pool in this summer.

I don't know why. But I think we just need a big, chaotic project. Yeah. Interesting.

Ashish Rajan: Yeah. Because travel by [00:23:00] itself is more like in fascinating and chaotic enough. Let's just do, add one more thing in there. 'cause fair second question for yourself. What is something that you're proud of that is not on your social media?

Paul Barbosa: Proud of that I'm not on my social media. Gosh. Spending time with my parents.

Ashish Rajan: Oh, nice.

Paul Barbosa: Yeah. We've got the opportunity now that my kids are grown and off around the world. Yeah. To really invest in spending time with my parents. And I don't know if it's like pride, but it's just gratifying.

Oh, I would, do they

Ashish Rajan: want you there

Paul Barbosa: or

Ashish Rajan: just showing you?

Paul Barbosa: In, in fact they are beginning golfers themselves. Oh. In their late seventies. Oh, they got bitten by the bug. And so when I am in town, I get the real joy and privilege to spend at least four hours a weekend.

Ashish Rajan: Oh, nice. So you guys don't you would use a new scoring system No handicap

Paul Barbosa: Yeah, no handicap system fair.

We just timed hours spent together.

Ashish Rajan: Don't worry about hitting the ball. Let just time. Yeah.

Paul Barbosa: We'll just be out in nature. That's right. Company the walk. [00:24:00] Yeah, that's

Ashish Rajan: What do you, Brian?

Brian McHenry: So I'm not really on much social media besides LinkedIn. Yeah. So it's a little bit easier question for. Recently my wife encouraged me 'cause I, I was like briefly obsessed with this show, Forged in Fire and some of your listeners probably have seen it Okay. On the History channel, but I've, I'm starting to take some inter courses on Bladesmithing. Oh shit. Okay. Wow. So it's I'm. The new hobby. It's not golfing, but it's still hitting something.

Paul Barbosa: Yeah. But it's way more interesting, which is generally the measure we go.

Brian's more interesting by far. I know, I was gonna say,

Ashish Rajan: you can actually see the shape forming as well when you, when it comes out of it as well.

Brian McHenry: A as a lot of the people that I've talked to say about it, it is I get to play with fire and hit stuff. So it's a, it's,

Ashish Rajan: it's a win-win. Yeah. It's a win.

I love that. Third question. Favorite cuisine or restaurant? Paul?

Paul Barbosa: Favorite cuisine by far, no question. Immediately. Korean barbecue oh yes. All day, every day. All you can eat.

Ashish Rajan: Wait. Favorite restaurant then? What's the favorite Korean barbecue restaurant?

Paul Barbosa: Ah, I like, I like Gen K.

Ashish Rajan: Okay. Is that in bay? In the Bay Area?

It's Bay [00:25:00] Area. Oh, nice. Yeah.

Paul Barbosa: Very dependable. Always good.

Ashish Rajan: Okay then. Yeah. Alright. A Korean barbecue fan as well, so that's pretty awesome. What about you, Brian? Sushi all day. All day sushi. All day sushi.

Brian McHenry: And the, my favorite that I've ever had was actually just a month or two ago, went to Tokyo with my family for the first time.

Never been to Japan before. Wow. And we did a, like a 12 course private Omakase experience. That was outrageous. Oh. If you go to Tokyo. Splurge and get an Omakase experience with a chef where there's eight seats and you gotta reserve it well in advance. That's the one tip. Reserve it well in advance.

Okay. Before go on your trip, get an Omakase experience if you ever go to Tokyo, it's,

Ashish Rajan: it's the whole thing that the chef is just basically, playing fire doing all of that?

Brian McHenry: It's,

Ashish Rajan: it's,

Brian McHenry: It's less fire because it's not the hibachi thing. Sushi. Oh okay. Yeah. Behind the sushi counter.

And he's just making one little piece of sushi, like each course is just one piece of sushi or one piece of a roll and it just keeps coming. And it's and you think, oh, I'm never gonna get full off of like 15 courses of one piece of you get full. Alright. And it is the most [00:26:00] delicious thing I've ever eaten.

Ashish Rajan: Wow. Okay. I'm gonna put that in my list as well. Tokyo, top of the list for places to go for me as well. So thank you for sharing that. Where can people find you, Paul, on the internet, to connect with you and talk more about edge Security and what Check Point is up to?

Paul Barbosa: Yeah, definitely on LinkedIn.

Hit me up, let's have some conversations about it.

Ashish Rajan: Awesome. Brian, same for me. LinkedIn the one and only platform that is the true social media platform for all of us at RSA LinkedIn And Catch Fashion Week. Oh yes, RSA Fashion Week people. Definitely tune in. Thank you for that everyone.

See you next time. Peace. Thank you so much for listening and watching this episode of podcast. If you've been enjoying content like this, you can find more episodes like these on www.cloudsecuritypodcast.tv. We are also publishing these episodes on social media as well, so you can definitely find these episodes there.

Oh, by the way, just in case there was interest in learning about AI. Cybersecurity. We also have a sister podcast called AI Cybersecurity Podcast, which may be of interest as well. I'll leave the links in description for you to check them out, and also for our weekly newsletter where we do an in-depth analysis of different topics within cloud security, ranging from identity, endpoint all the way up [00:27:00] to what is the CNAPP or whatever, a new acronym that comes out tomorrow.

Thank you so much for supporting, listening and watching. I'll see you next time.

‍