Read the latest posts from Infosec Press.
from Threatc.at
Trying stuff.
As in, both definitions?
I will attempt to post stuff here that will likely be a redundant copy of something I posted elsewhere. And also in the sense that navigating and using online spaces today is annoying, difficult, strains one's patience. Who knows what any particular platform is going to be like in x months or years. Better to have some other space to collect that stuff.
Anyway. As Austrians say, schau ma mal (“we'll see”).
from JR DePriest
I heard the man across the restaurant, excitedly telling his server about his “vision quest”.
I reached into his mind and watched the finale before he spoke it: stripped nearly naked, hooks pulling his skin on both sides of his torso, darkness, firelight, drums, and a heavy dose of ayahuasca.
He said his vision brought him here, to our little out-of-the-way hamlet, by the shallow lake, by the thick woods, between the mountains.
And I saw his vision: the surging water, the sudden collapse, the sky lit by fiery aurorae.
He had seen something he should not have seen.
I twisted his vision, brought it from the past to the present, parked it in place, amplified it with my own magick.
His head went back, eyes wide, mouth slack open and keening like a dying animal.
I turned back to my companion, the witch. She had a name, but I called her “the witch”.
“Someone call 911,” she said.
The police and paramedics gently took him away, for observation, for his own safety.
Most everyone there was part of the plan. Most everyone there knew what had really happened and breathed a sigh of relief.
Others just shook their heads, feeling sorry for a man who had some sort of nervous breakdown at a crowded restaurant.
I took the witch's hand and said we needed to talk to her father.
This man's vision was not part of our plan and what it showed was troubling, too troubling to talk about in mixed company.
She was unconcerned. She didn't see what I saw.
As we exited into the street, into the cool night, into the moist air, we talked about what we'd accomplished in three generations.
We'd made this town prosperous. We made it comfortable.
We were in brochures and discussed on message boards and social media.
“a haunted little town”
“a beautiful, if quirky, gem”
“strange tidings, lovely people”
This place was alive and we bled off the excess slowly, for our own benefit, for the benefit of everyone who called this place home.
What he had seen was like a tidal wave, like the water, once sucked out to sea, suddenly pouring back in, overwhelming everything.
I was old enough to know what this meant but I said nothing of my fears to the witch.
Fear? Was it fear?
Or was it a sense of the inevitable. Of knowing this day would come.
Was it relief?
Could the emotions of a thing like me be described in such simple terms?
The witch smiled, and intertwined our arms.
It was a cold night and I could see her breath.
The parking lot of her father's office, the only office building in town, was empty.
A witch like him didn't need to drive.
There was no warning.
The parking lot exploded in front of us as a house made of metal and wire seemed to dig its way up through molten asphalt and churning earth.
I recognized it at once; “the clockwork witch,” I said out loud.
The witch at my side did not understand.
To her “the clockwork witch” was an urban legend.
A tale to terrify young witches into behaving.
“The clockwork witch” had been the creator of this place, had filled it with potential, with purpose.
She'd created a nexus (a nadir, really), a place where all magic must flow and would feed and feed until she had the power to rule everything, everyone.
But she was betrayed and locked away by her students, by her lessers.
How had they found the words to bind her?
How had they discovered the symbols needed?
How had they devised such clever wards without help?
I knew what happened, because I was there.
Yes, of course I knew.
She was trapped outside of time, outside of space.
A pocket reality where she could play god or goddess, do whatever she wished, create, destroy, anything.
But away from here, away from us.
We steeped in the magick, siphoned a little off the top, before releasing it back into the world.
What flows here, we use simply, for our own benefit, for the benefit of the town.
We share. We cooperate. We thrive.
For generations.
Now, here she was, the clockwork witch reborn.
She could not be as strong as she once was, the power was no longer here and breaking free could not have been easy.
But some magick requires only the correct way of thinking and reality will bend all on its own.
And the witch beside me disappeared, vanished.
I believed her father had probably done the same.
Not by choice.
No, the clockwork witch had them.
She looked so human as she stood before me, an old woman in one view, a towering fiend from another angle. I saw both simultaneously.
She knew me, remembered me.
It had been hundreds of years for me, for her, who knows? An hour, a weekend, a millennium?
I was standing before her.
I did not move nor was I moved, I was simply in front of her now whereas previously I had not been.
I bowed before her. As was my position.
The position she had appointed.
“Watcher,” she said.
“Master,” said I.
“Am I?” she said.
I said nothing.
“Watcher, tell me what has happened.”
She did not mean with words but with my mind I exposed all the centuries of memories, of meetings, decisions, of births, deaths, agreements made and broken, waters risen and fallen, the shift from the forest to the edge, from hiding to inviting, to deceit and capitalism.
I showed her almost everything.
I felt her disappointment.
I was supposed to shepherd them, not become their servant.
She raised a phial of liquid to her lips and drank.
I knew these phials and felt this was the remains of the father of the witch who had been my companion.
“Mary” had been her name. I felt shame in using it now.
At one angle the clockwork witch great taller, broader, in another, she grew younger.
She lifted another phial and spoke to it: “what is it you want?” she asked.
And Mary's voice said, “I've only ever wanted a small coven of my own.”
We both felt the truth in this. Mary had been part of the great work because it was her birthright, but her heart was never in it, not like her father.
The clockwork witch felt no anger or hatred from her.
“Then have it,” she said, tossing the phial back into the pocket dimension in which she had been trapped.
I wished Mary well.
“Watcher,” she said to me.
I felt the sting of her eyes, the depth of her gaze.
She reached into me, deeply, deeper than I'd even allow myself to venture.
“You betrayed me,” she said.
There was no emotion to her words. I could feel her words and there was no emotion.
It was only a statement of fact.
I did not remember betraying her, but I felt the truth in it.
It was me. I taught them to capture her.
Then I made myself forget.
I felt my body slip away, forget itself completely, become liquid, become smoke, slithering into the ground, but I was caught, and stoppered.
And she drank me.
I felt myself break apart, each bit struggling to remember a single fact, a single bit of information.
That was all I was, information.
That was my purpose.
And I felt each fragment lose its grip until even my own name was a mystery.
I was nothing but her blood, her life.
I was gone.
#WhenIDream #Dreams #Dreaming #Dreamlands #Writer #Writing #Writers #AmWriting #WritingCommunity #ShortFiction #Fiction #Paranormal #Witch #Magick
This work is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/2.5/ or send a letter to Creative Commons,543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
from Lee Rayl's Big Ideas
Cooking spray – 1 cup (8 oz.) unsalted butter, softened, cut into cubes – 1½ cups granulated sugar, divided – ¼ tsp. kosher salt – 2½ cups (about 10⅝ oz.) unbleached all-purpose flour, divided – 5 large eggs, at room temperature – 1 Tbsp. grated lemon zest plus 1 cup fresh juice (from 4 lemons) – 3 cups thinly sliced fresh strawberries – Powdered sugar, for serving
Preheat oven to 350°. Line bottom and sides of a 13x9-inch baking pan with parchment paper, leaving a 2-inch overhang over long sides of baking pan. Coat with cooking spray; set aside.
Beat butter and ½ cup of the granulated sugar in bowl of a stand mixer fitted with a paddle attachment on high speed until light and fluffy, 2 to 3 minutes, stopping to scrape down sides of bowl as needed. Whisk together salt and 2 cups of the flour in a medium bowl until combined. With mixer running on low speed, slowly add flour mixture to butter mixture, mixing until just combined, about 30 seconds, stopping to scrape down sides of bowl as needed. Increase speed to high, and beat until dough holds together, about 1 minute. Transfer dough to baking pan; press into an even layer. Bake in oven until edges are just beginning to brown, 18 to 20 minutes.
Meanwhile, whisk together eggs and remaining 1 cup granulated sugar until combined. Whisk in lemon zest, lemon juice and remaining ½ cup flour until no clumps remain. Let mixture stand, uncovered, at room temperature until foam appears on top, 2 to 3 minutes; skim off and discard foam.
Remove pan from oven. Pour lemon mixture evenly over hot crust; arrange strawberry slices evenly over top. Return pan to oven, and bake at 350° until filling is just set in center but still a little jiggly, 20 to 25 minutes. Let cool in pan on a wire rack, about 30 minutes. Refrigerate, uncovered, until fully chilled, about 45 minutes. Remove from pan using parchment paper overhang as handles. Cut into 12 bars, and dust with powdered sugar.
Serves: 12 Active time: 35 minutes Total time: 2 hours, 30 minutes
#cooking #strawberries #lemons #recipes
from acrypthash
Latest Updates and Projects
It's been a bit since I made a blog post, so I felt it was time to write down all of my latest updates. It's been a busy but fun past few months and I am excited to share everything that I have been working on!
Projects – Google API reporting script, Google Drive API PII scraping script, web app pen testing, router hacking, detection and alerting, cloud security engineer certification and more!
Google API reporting script: https://github.com/acrypthash/Google-Workspace-2FA-Report
This was a fun one. This python script generates a report that shows me any user that doesn't have 2FA enrolled and outputs it to a file. The goal was to make it “automated”, so I have added this script to a cron job on one of my servers that runs once a month. The output is then sent to a Slack channel for me to review at a later time. It has proven to be very useful!
Google Drive API PII combing script: https://github.com/acrypthash/Google-PII/tree/main
Again, another fun one. This one is still a work in progress This python script combs a Google Workspace tenant's drives for any documents that have PII. The reason for this script was because while Google can generate a report to show a quantitative value of how many files contain PII, they can't actually tell you which documents actually contain PII. The goal of this script is to actually output the file id and location.
Web App Penetration Testing: I have been working with some new vendors over the last few weeks to make arrangements for a web app penetration test to be done against one of our websites in the upcoming month. I have been learning a lot about what to look out for in these tests, what tests are to be done and most importantly, cost. Bishop Fox (https://bishopfox.com) has been one I am most forward to working with however budget is a bit of an issue on our side. I've also like their recent release of a tester to see if your Foritgate is vulnerable to CVE-2023-27997.
There is much that I have left out of this post, but I will end in mentioning that I am working on getting my cloud security engineer certification from Google. I am excited to add this one to my security belt.
from m4iler
Wow! This is nice!
from Michael Reinhart
The quick brown fox jumps over the lazy dog.
from acrypthash
What I have been up to
I got up a little early today to work on my to do list since I have been out working on other things as of late, however I decided it was time to update my blog with a quick snippet of what I have been up to lately.
Last week I attend a cybersecurity conference in my area called SecureWorld. I had a really fun time. I sat in on a bunch of very insightful talks that ranged from a FBI agent reviewing a crypto mining case to listening in on a panel about risk and how to communicate what risks are key in a business. I had the opportunity to talk to some vendors that our company has been utilizing for some time now as well. Overall, the time and money spent to attend was well worth it.
Yesterday, I also gave a talk at Penn State on Vulnerability Management with Data Driven Defenses. I had an absolute blast. I had spent a lot of time preparing in the past few weeks, practiced the talk to my dogs, and even did a test run with my team in our daily working session meeting. The students seemed interested throughout the whole talk and I even got a shirt and food from them at the end :D. I am most definitely going to be looking into doing more talks.
For now though, I need to get back to work. I have a many items and projects that were back burnered the past few weeks that require some attention. I also have a cybersecurity intern that will be starting with me at the end of next month. Until then, back to the grind stone. LETS GO!
from HiddenPoss
(0002 – P)
Well, this quest started due to my weird obsession with hidden messages. Yes, I do use invisible ink, and I also use coded messages in my notes. I also accidentally code my messages, though. I sometimes write like I read, dropping words and letting context clues fill the blanks.
While I love the idea of encryption, I also love the idea of hiding in plain sight. Similar to number stations. We all know their radio bands, but what they are sending.. is still being determined. My current drive to create something is from the idea of number stations, and I am making something hidden but also open to the public. It's a fantastic idea in my mind, and this is akin to an art project.
So where am I now with this? Well, I'm creating words per se, and I'm basing it on Chinese or Japanese in the way the symbols can both be read and mean something. Well, about that being “read,” my goal is not being able to be read. A, their arere's no sounds. But how can it be read then? While I am no music major, I considered attributing words to notes or chords in sequence. This way, an innocuous music or song in a YouTube video can be a secret message to worship Satan and make blood sacrifices suddenly.
But, for now, this is more of a shower thought as I need to play with a test run of these. Which I already am in secret. As it's still a dumb idea.
from HiddenPoss
I'm not fully sure on the direction of this blog but supposed a few things I might try would be longer format posts. With specific topics such as: tech or just my personal life. I might even cross link stuff to the other “blog” I got which is a WordPress as it's free there too. Also it gives me some leeway to post stuff that can be frowned upon elsewhere.
Also a major thing to note. Unless it's an important post, there won't be a spell check. I will go over them a later date but a spell check won't be used unless it's an important one.
For my posts I'll probs have a selected nunbering order and tags.
G which is for General topics P which is for Personal topics T which is for Tech topics D which is for Doodles G which is for Gaming A which is for Investigation topics Y which is for Spooky topics N which is for NSFW topics K which is for (short)Stories F which is for Old posts
Well it's like these. Something that lacks a real topic.
Something related to my personal life. Yes I know bad idea for opsec.
Tech topics which be anything from me reviewing something or me posting stupid code. Also tryhackme and hack the box stuff are included
These are doodles or drawings.
Well surprise surprise I'm a gamer. So you might see some clips.
Investigation topics are going to be light. Solely because these stuff will normally take time but these are light skimming.
While I ain't schizo I do see shit on occasion so I thought of posting them here. These are converted from my journals though.
I doubt I'll post a nsfw topic. But it might be short story that is nsfw.
These will rarely be new but often just retyped up short stories I did from highschool or younger.
These are just old posts from elsewhere.
The system just might be the 2nd line will have the (number) – (tag) so for example (0687 – YNDF)
(0001 – G)
from risibledog
just checking out the possibilities here. also got a mastodon account on the same server.
from Hyperscale Security
It just about two weeks before RSA Conference 2023, and the hype train accelerates even beyond its usual fever pitch. Learn what the latest threats are you should definitely buy a new tool for. Find out what version of Zero Trust we're at and what generation the latest NextGen Firewall. See which cybersecurity startup has the biggest booth.
Is XDR still hip? In cloud security, nobody even wants to say “CSPM” anymore, and CNAPP's oxygen is increasingly stolen by DSPM, the newest kid on the block. It could have been CIEM, but that is such a poorly named category that it didn't make it. CIEM probably is an IAM subcategory anyway, but that sounds so old-fashioned, boring and unsexy.
But none of that matters, anyway, because since ChatGPT was released, the entire cybersecurity industry has an opinion on the dangers and risks, as well as possible benefits of Large Language Models.
“ChatGPT-enabled” will be all over the show floor.
Reports by the vendors of our shiny tools, such as this recent one by Qualys, show that we may have shiny tools, but they just record poor security postures. Visibility is better than having nothing at all, but deployment of tooling is just the beginning. Next comes the engineering of contextualizing alerts and findings, enrichment with metadata, and the ability to attribute them to the right team in the organization that can do something about them. Then comes the reporting, SLA tracking and organizational accountability, the developer and workforce enablement and security awareness, and compliance processes.
Everybody wants to evaluate tools, run PoCs, define security architecture, requirements and policies for others to follow. But we shy away from doing the hard work of making our environments more secure. That, we say, is someone else's problem. If only the developers and ops people would just do what we say...
It is still about the “basics” – the unsexy, really hard things you need to do:
Zero Trust requires that you do all these things to be effective. The same is true for ransomware or data extortion attacks. We debate esoteric, academic risks and conceptual frameworks instead of how to practically run effective security programs. We talk about post-quantum cryptography when NIST hasn't established standards yet, and we still can't get our organizations to rotate keys periodically.
I have been in Silicon Valley over 20 years. When all the hype was about the gig economy, social media and the startups in the city, the real innovation took place in the Valley (and Seattle/Bellevue, to be fair) – where big tech companies were figuring out how to run large data center and cloud services.
I have the feeling we're going through the same thing in cybersecurity at the moment. The industry is off doing their own thing that gets a lot of attention and is unquestionably overfunded, while SecOps teams within organizations are adopting cloud-native and DevOps practices to innovate and engineer new processes to drive effective security outcomes. Often based on open source solutions.
That is not sustainable. Budgets are flat or tightening. And the industry can't reprice itself because it is too leveraged.
Have a fun RSA, everyone. It may be the last exuberant one before the crash.
from Zate
no, really, is it?
from Jake
What is this? Test?
from Ducks
I've thought about using WriteFreely for a blog some day. Hosting/installing it myself is way out of my league. So it was a pleasant surprise when I discovered that infosec had this possibility.
But I have always been slow and in addition age is now showing. Working on a couple of drafts, perhaps they will be finished. Some day.
I prefer not to write too much here, maybe some day.
from Elisabeth's Cybersecurity Blog
I wanted to share some notes on how my job search went this year. I was looking for a security engineering role here in Stuttgart, Germany, or remtely, ideally for a company with an established security team or culture, where I could learn from established processes and mentors.
Tools I used:
On LinkedIn Finding jobs to apply to was not as easy as I had expected. LinkedIn Job's search query is pretty bad. Searching for “security engineer” returned many unrelated roles. By the end of my 2nd week of applying, my search input was “security engineer -fullstack -backend -cloud -junior -software -informationssicherheit”. That last word may be surprising since it means Information Security in German.
I don't speak German well, and that closed 75% of job postings for my local area. This and the fact that I don't have a degree in a technical domain are probably the reason I got rejection emails in less than 24 hours from a certain number of consulting companies.
The jobs I could apply for were mostly with start-ups that were remote-friendly, were looking to start a security program and were looking for their first hire. That was not really what I was looking for, but I could not afford to be picky.
I applied to every job where I matched 50% of the requirements layed out in the job description. This is a tip I got from the Women in CyberSecurity (WiCyS) mentorship program. Research has shown that women tend to apply for jobs only when they match 80% to 100% of the criteria, but men tend to apply a lot more freely, where they match ~50% or more. So I decided to be bold and that paid off.
Cover Letters and Resume For cover letters, I usually copied the job description into a new word doc and used the wording of the job description to describe the work I have done and how my experiences fit with the job opening. I did not do this for all the jobs I applied to, but it was very helpful. There is nothing more daunting than starting with a blank page.
I've met someone recently who has attended CactusCon this January. One of the talks there was about using this technique too, but for creating job-specific resumes rather than cover letters. That seems like a lot of work, but I'm sure that's a good way to write a solid resume. Here is the resume I used for all my job applications.
For the companies that did find my resume interesting and started the interview process with me, none rejected me throughout the different rounds. The type of interviews I had were a little different everywhere. Some companies had technical rounds, with sample penetration testing exercises, but most where simply chats through my experience and discussion scenarios, strategies and tools. Nothing too challenging. The key for me was to remember that: – How I do on this interview does not define me. – Whether the people I talk to like me or not is not a reflection of who I am as a person. – It's okay if I am not a match for what they are looking for. It's okay if they are not a match for what I'm looking for. – Be honest and transparent. Be open about what I don't know. – If I fail this interview, I will learn something and be better prepared for the next one.
I usually took a few minutes before the interviews to scribble some version of that at the very top of my notepad, to let it sync in and be a reminder during the interview. This helped me go into all interviews quite relaxed.
I wrapped up the first two interview processes within 3 weeks of first applying. Both were with large, stable companies, with established security teams, and the jobs were fully remote. Both also happen to have women team leads. They were exactly what I was looking for, so I started turning down some of the other companies (all start ups with no security team) I was in process with. I sent everyone polite messages letting them know I was moving forward with another company, and added the hiring managers on LinkedIn to build my network and keep in touch.
Every single company I talked to either asked about salary expectations when submitting a resume or in the very first interview with the recruiter. I am glad that was handled early so that there were no surprises when the offers did come through.
I used offer A to negociate offer B. A had a higher total comp. Company B matched it. Then I went to company A, told them I had another offer with a higher montlhy gross salary. So they (almost) matched it. In the end, the offer I accepted was almost 15% higher than where it started.
Negociating was very uncomfortable but it was worth it.
Networking In December, I attended BlackHat Europe in London, with the main goal of networking in preparation for my job search. I made some connections, but none that led to opportunities this time around. I also attended OWASP's Global AppSec Conference in Dublin in mid-February. I met a lot more interesting people there, but by that time, I had already accepted a job offer, so I got to fully enjoy the conference. None of these trips were wasted efforts, since I get to build and strenghen those connections now. I hope to meet some of the same people at future conferences, and to be able to help them find their next job too.
On job searching in Stuttgart I have a friend here in Stuttgart who also works in the cyber security industry. He has about 2 years of experience in cyber but in a non-technical area. He is also German and has a masters degree in physics. He told us he got a job offer after a single one hour phone interview with a major consulting firm. Like I mentioned earlier, I was turned down very fast by similar companies, despite having more experience than him, but I attribute that to the language and degree requirements a lot of those companies have here. This is Europe and this part of Germany can be considered especially conservative and slow to change.
All that to say the job market is very hot.
from Alan Yue, CISSP, CCSP, CRISC, CBCP, PMP, PMI-ACP, 5xAWS, 1xMSFT
How I prepared for and passed the Microsoft Azure Fundamentals AZ-900 exam.
So, in addition to all the “alphabet soup” after my name, and the five (5) AWS certifications I hold, I had some time on my hands and decided to get some Microsoft/Azure certs. Why not? The first eight Fundamentals exam vouchers (US$99 each) are FREE! And, the reality is that even organization that are gung-ho AWS may have some Office 365, Sharepoint, or Active Directory that they are using. So, being a “multi-cloud / hybrid-cloud” kind of professional makes sense. Dollar$ and ¢ents.
Microsoft has a program called “Microsoft Virtual Training Days” (MSVTD). Where, for “XX-900” Fundamentals certifications, by attending a two-day (3.5 hours day #1; 2 hours day #2), they give you a 100% discount on a $99 Pearson Vue exam voucher. The MSVTD you attend doesn't even have to be in a language you speak! However, be ready to answer “Knowledge Check” questions and it helps to have Google Translate handy.
So, Basically, they're giving away Fundamentals level certifications for the cost of attendance. And, they're good forever! No continuing certification requirements!
Today, I passed with an 850 our of 1000. I'd post a picture of my score, but I haven't figured out how to embed images here yet. So, if I could do it, so can you.
Here's how I did it.
First, I read the rules for the certification on the Microsoft website. You can't win the game if you don't know the rules. https://learn.microsoft.com/en-us/certifications/exams/az-900/
Then, I purchased Scott Duffy's Udemy course and practice tests.
https://www.udemy.com/course/az900-azure/
https://www.udemy.com/course/az900-azure-tests/
I went through the Udemy course first.
Seriously, it took me about 2 days to pre-study the AZ-900 and pass one practice exam. A plus is that it counts as 6 CPEs against pretty much any and all ISC2, ISACA, and DRII credentials.
TIP: In hindsight, I should have done more of the hands on labs even though this is supposed to be geared towards non-technical and technical new to Azure candidates. Because I probably could have done better on the exam if I had put in more lab time on the console. Not the CLI or Powershell...the Azure Console.
Because I don't like paying after-tax dollars on anything I don't have to, I wondered if there was a way to get free exam vouchers.
MS Fundamentals level exam vouchers are US$99.00!
That's the price of a nice breakfast cronut here in San Francisco!
Low and behold I learned about the MSVTD program from Medium!
https://medium.com/techwasti/az-900-certification-how-to-get-free-voucher-and-how-to-pass-eef7c9b4f33e
So, YOU MUST create an account at https://learn.microsoft.com/ if you want to get the voucher “discount”. Then while signed in, I navigated to the bottom of the page to “Virtual Training Days”. You've got to attend one of these if you're going to get the voucher. The voucher “discount' will be credited to the email address you use. I suggest using a personal email address rather than a corporate email address “in case you change jobs” 😉
The program is popular, and I was in a hurry because I was already scoring in the high 80s on the Udemy course practice exam. So I signed up for the earliest offering which happened to be in German and at Midnight Pacific Time: 2.5 Hours-ish each of two consecutive nights. I used Google Translate to as I watched. The MSVTD training is a good complement to the Udemy course.
About a week later, I got my “discount” applied to my Microsoft Certification account.
TRAP: Be sure to clear your browser cache and/or open an incognito window and sign in to your Microsoft Certification account to overcome a bit of a glitch in getting my voucher discount.
Depending on where you live the PearsonVue testing center (if you go for in-person proctoring) may be booked up and you will have slots open that are a week or more into the future.
I returned to my study materials two days before the exam to “refresh” my knowledge.
And, here I am with another newly minted credential, and with practical knowledge that will help me with The Real Exam...when I'm sitting at the table with technical and non-technical clients assessing their business situation and facilitating a collaborative conversation towards creating and delivering business value.
There you go. The whole Secret Sauce with all the ingredients! Enjoy!