“Kuwait, similar to the other Gulf countries, is an oil producing country, where the national income depends highly, in very high percentages, on the oil production and exploration, as well as exporting. So securing and having the right measures of cybersecurity within these operations really relates to the national security of the whole country as it can impact the whole national income. From that comes the critical role of us playing, let’s say, the cyber defenders for these digital oil fields borders for our country and even our entities within Kuwait, so that’s how critical it is.”

Reem Al-Shammari is the chief information security officer for the Kuwait Oil Company. She sits at the intersection of a massive swath of her country’s economy – oil and gas – and the need to secure it against emerging threats faster than government regulations can be established. Because Al-Shammari works within a global industry, she also has to help ensure cross-border information sharing frameworks and practices for the six Gulf countries to stay one step ahead of bad actors.

(Subscribe to Hack the Plant on Spotify or Apple, by RSS feed or search for it wherever you listen to podcasts.)

Transcript:

Joshua Corman:

Our dependence on connected technology is growing faster than our ability to secure it, especially in areas affecting public safety and human life.

Bryson Bort:

I’m Bryson Bort. And this is Hack the Plant. Electricity, finance, transportation, our water supply. We take these critical infrastructure systems for granted, but they’re all becoming increasingly dependent on the internet to function. Every day I ask and look for answers to the questions. Does our connectivity leave us more vulnerable to attacks by our enemies? I’m a senior fellow at the R street Institute and the co-founder of the nonprofit ICS Village, educating people on critical infrastructure security with hands-on examples, not just nerd stuff. I founded GRIMM in 2013, a consultancy that works the front lines of these problems every day for clients all over the world.

P.W. Singer:

It’s playing out in Israel right now, where hackers have been going after Israeli water systems. Again, not to steal information from them, but to change the setting on the chemicals in Israeli water.

Bryson Bort:

Each month, I’m going to walk you through my world of hackers, insiders and government working on the front lines of cybersecurity and public safety to protect the systems you rely upon every day.

P.W. Singer:

If you think that the small town water authorities and the mom and pop size companies have better cybersecurity in the US than the Israelis do, I’ve really, really bad news for you.

Bryson Bort:

An attack on our critical infrastructure, the degradation to the point that they can no longer support us, means that we go back to the Stone Age, literally overnight.

Joshua Corman:

If we think the government’s going to solve it for us, we’re wrong. We have to help them.

Bryson Bort:

This is not a podcast for the faint of heart. If you want to meet those protecting the world and what problems keep them up at night, then this is the podcast for you.

Bryson Bort:

On today’s episode, we’re talking to Dr. Reem Al-Shammari, chief information security officer, in other words, the leader with the final say on cybersecurity at the Kuwait Oil Company. She’s here today to discuss cybersecurity challenges in the oil and gas industry and what private companies and government leaders can do to keep us safe from attack.

Reem Al-Shammari:

As we all know, that the adversaries is always collaborating with each other. They have their own forums where they can share all these threats in the dark web and all of that. Being an oil and gas industry, it means we under the same threats, we under the same adversaries and [inaudible 00:02:57]. They always utilize the social engineering as a first stage to compromise or to gather the information they need, knowing that human factor can be a vicious thing in that defense. Imagine that you’re building a very high defensible castle and one of the citizen of that castle, just at one night, he feels a little bit humid, or he needs some air, so he just opens that window just slightly to have that breeze of air. Cold air comes at night to him and he sleeps.

Reem Al-Shammari:

The adversaries would spot that weakness and would make best of that. Sometimes the human factor, curiosity, will always play a role in enabling these attacks happens. So the adversaries are very, very aware of that human factor.

Bryson Bort:

In this episode, we discuss operational security of oil and gas pipelines. The absence of regulation in industrial control systems, and how regional and international groups collaborate to share threat intelligence.

Reem Al-Shammari:

It’s even better for us as, let’s say, the good guys, to collaborate, to share our threat intelligence, to give each others heads up of what’s going on in the region.

Bryson Bort:

Reem oversees cybersecurity in the oil and gas sector in a part of the world where it plays a critical role to her country’s national cybersecurity. She leveraged the capabilities of the Kuwait Oil Company, leading several initiatives that resulted in a remarkable positive impact, reaching national, regional and international levels. She’s the co-founder of the Women in Cybersecurity Middle East Group, which will have its first virtual conference coming up 14 to 15 November.

Bryson Bort:

So, you effectively oversee cybersecurity for the entire oil and gas industry in Kuwait. Of course, Kuwait has a heavy economic dependence on oil, raises national security questions. Just how critical is this issue, Reem?

Reem Al-Shammari:

It’s very critical. Me be leading the cybersecurity in Kuwait Oil Company, which is one of the other nine, 10 companies within the oil sector and there’s a forum that collaborates all these 10 companies and the KOC is leading that forum and I’m representing KOC in that forum. We have established this forum where we have collaborating efforts and sharing intelligence. The aspect, or the purpose from this forum is really relating to your question, when you said how much critical cybersecurity in oil and gas industry.

Reem Al-Shammari:

Kuwait, similar to the other Gulf countries, is an oil producing country, where the national income depends highly, in very high percentages, on the oil production and exploration, as well as exporting. So securing and having the right measures of cybersecurity within these operations really relates to the national security of the whole country as it’s impact the whole national income. From that comes the critical role of us playing, let’s say, the cyber defenders for these digital oil fields borders for our country and even our entities within Kuwait, so that’s how critical it is.

Bryson Bort:

So what are the main challenges with the form that you’re working on and I assume that that is helping to share threat intelligence across all the different companies that are participating?

Reem Al-Shammari:

Well Bryson, I have came into the conclusion that the challenges, although in spite of different culture, different of geographical areas, when it comes to oil and gas industry, we have the same challenges. I’ve been listening to different podcast and attending different forums for ICS and scale their challenges with cybersecurity and all of the CSOs and all of these professionals in cybersecurity really addresses the same challenges. One of them is, which we all of us is aware of, the lack of collaboration between IT and OT. When we have a big gap where there’s no alignment towards collaboration in having the cybersecurity aspect. We do have this lack of communication between both parties because sometimes everyone is very much focused and their priority that we are focusing on OT, where we have the production and operation should be continuously there, while in IT, it’s availability of the service.

Reem Al-Shammari:

Different priorities but again, as cybersecurity we are covering both and we are securing both, and that’s why we need to merge and find a win-win situation and the shared zone where they can both work on that zone in order to secure the whole company. As you are aware, that sometimes, there can be lateral movement from IT vulnerabilities or comprised, let’s say machines, or servers. Where it can then lateral movement to the OT through the … assuming the myth of having the air gap, you would have some … let’s say lateral movement from IT to OT, or vice versa. So you really need to have this buy-in between both. You need to have this alignment with the spirit of having one, let’s say, collaborative goal towards ensuring the cybersecurity maturity in both areas and it’s really what puts the big burden on us as cybersecurity officers and teams where we are addressing both areas under the same role, and we need to do this alignment with both mindset and get that shared zone where we can have this alignment being built in, the buy-in from both and aligning them with our own objectives, which is securing the whole industry and the whole country by itself, as well.

Bryson Bort:

So what do we do in the absence of government regulations related to cybersecurity and industrial systems? What’s at stake and what role and responsibility to you have Reem?

Reem Al-Shammari:

With the absence of some of the regulations in this area of control systems, we of course map to the best practices and the global standards and we have different entities that we’re following, with the cybersecurity and industrial guidelines as well as regulations and let’s just say we have our own commitment toward securing the operational technology environment as well as the information technology environment, the IT.

Reem Al-Shammari:

So do our own homework to map to the international standards when it comes to industrial control systems. We make sure that, because we do have an auditing mechanism and we do have some of mechanism, even within internally, our cybersecurity team, I do have an auditor and compliance arm, where do these exercise of auditing our own operations when it comes to cybersecurity. So instead of waiting for the regulations of the government to come into action, or to formulate officially and being shared, we build our own, let’s say framework, which is very much aligned with the best practice around the world, industrial and global ones and which, by default, when our governmental and local guidelines towards the cybersecurity industrial control systems pops into the picture or get formulated, we will for sure be aligned with that because they will conflict or be in a different island than what is being utilized and accepted at a international level.

Bryson Bort:

Transitioning now from a national and an international question, how do these questions that you’re dealing with at a national level fit into the global oil supply chain?

Reem Al-Shammari:

Excellent question. We deal in three levels. Let me put it this way. We deal with a national level, which I just shared where we are sharing the threatened agents within our oil sector within Kuwait and we have a forum that is being very much a success story, where we have a high trust between the members and a wonderful professionalism spirit, where we are sharing threat intelligence on time, building our capabilities and having a shared roadmap to all of us, like for our 2040 strategy. The concept and the fact of her being stronger together is no longer just words. You will see me using that hashtag very much, a lot in my posts and wherever even social media, or even within my communications, because I have witnessed that this type of collaboration and gathering of these efforts in sharing threat intelligence and sharing the best practice, especially when it comes to a very critical field, like cybersecurity, will really make us stronger, will really make us in a much, much better advantage, as we all know that the adversaries is always collaborating with each other.

Reem Al-Shammari:

They have their own forums where they can share all these threats in the dark web and all of that, so it’s even better for us, as let’s say the good guys, to collaborate, to share our threat intelligence to give each others heads up of what’s going on in the region because being an oil and gas industry, it means we under the same threats, we under the same adversaries and targets as well. This is on the regional level.

Reem Al-Shammari:

When we go a little bit … one level up, which is the international and global level, I had the privilege and the honor also to join another forum at the global level, which is the World Economic Forum, where they have a wonderful initiative called the cyber resilience. The World Economic Forum is an independent and fully impartial global platform where they have invited different private and public sector stakeholders from different parts of the world to share their thoughts and build that ecosystem where these insights are being captures, where these insights are being discussed and shared and a very independent platform and a secure and safe environment.

Reem Al-Shammari:

This initiative, to be honest, I was thrilled because it had three tracks, where we are addressing the culture aspect of that, we also addressing the cyber resilience part, as well as the supply chain and these stakeholders or the audience in each track, they are watching and meeting as if we are one team under one company. The spirit that these teachers are sharing and the transparency, we have built in our thoughts, in our, let’s say feedback, is really developing and contributing into a wonderful built framework that we are currently developing, which looks at the whole ecosystem. Not only at the operational level, not only at the regulatory level, we’re trying to a holistic framework that addresses different levels of the whole ecosystem within oil and gas cybersecurity industry and it has that flexibility, let’s say, ingredient in it. So any country, irrespective of its culture of that, can utilize this framework with a little bit of customization and tweaking to address its own flavor of culture, or let’s say policies and regulations. But yet, that framework can be and will be used very professionally and beneficially eventually by these, including oil and gas. This is what is still in progress, but I can sense a wonderful progress and I have been enjoying each meeting I’m attending with these wonderful professional leaders and subject matter experts from different entities, from different private sectors and tackling different components of that ecosystem, oil and gas.

Reem Al-Shammari:

All of us is trying to collaborate in developing something for the whole world and this really makes my heart smiles because I enjoy this. I enjoy contributing to the community. I enjoy seeing people working together and collaborating together towards making our community much better and much safer for our operations and our communities and entities as well.

Bryson Bort:

Did you mention a 2040 strategy?

Reem Al-Shammari:

So we do have a 2040 strategy for different tracks within our oil sector covering technology, covering cybersecurity, covering different aspects under our business, but me, or my focus as KSU are leading the cybersecurity for these K companies of this oil sector and we have been achieving with the thanks and the contribution of the teamwork, the whole nine companies, we have been achieving success stories for that, for now 2040 plan, yes.

Bryson Bort:

Can you share one of those successful case studies that you just mentioned?

Reem Al-Shammari:

Yes, sure Bryson. I would love to share the success story. So one of our success stories was building a unified K cybersecurity framework and the K stands for the Kuwait Companies in Oil and Gas Sector. So what we have done is that we have initiated a collaborative exercise where we have defined four main areas of cybersecurity [inaudible 00:18:03] mainly the cybersecurity capabilities are being built, which is strategy, secure, resilient and vigilant and that these four main areas, we have defined 34 capabilities that fall under … and being divided and categorized under these four main areas.

Reem Al-Shammari:

We have done lots of assessment, we have done lots of interviews, quality checks on all of that, where we have reached to this unified K cybersecurity framework and developed a dashboard. The dashboard for each of these main areas, the main four capabilities addressed these 34 skills for the whole oil sector. For me when I presented that to our C Suite and executives of the whole oil sector, that was for me the sense of joy, the sense of proud because within one dashboard let’s say, if we give example, for let’s say a Vigilant cyber resilience, or for the Vigilant portion or component, we have identified between the nine companies which company is leading that part of capability. Let’s say X company is being the best in cyber analytics, the other X company is doing very nice in the, let’s say, DLP, the other company is doing wonderful job in the, let’s say, the shock operations and all of that.

Reem Al-Shammari:

So we did have different capabilities and from that dashboard, we then gave the visibility to our executive to see which K company have the maturity required in that specific capability that can be utilized to leverage it to the other peers of K companies in the oil sector instead of each K company start to build its own capability from zero, or reinvent the wheel. There’s no need. You can see which one of your sisters is doing an enormous job and just call her to teach you the trick and this is where it really happened, leveraging the resources, sharing the best practice, and we had that framework that really identified for us which one of these are leading in that specific capability within one dashboard. That what really made it an excellent success story because it’s not only operational, it’s even at the C Suite, at the management level, they have this visibility. Visibility means a lot in cybersecurity, especially when you talk to C Suite and you need to present in a very business language and that dashboard has combined both, the business language and the effectiveness in how to address these resources of many and huge companies within a defined and utilizing one unified, cybersecurity framework where you can utilize and benefit and leverage each company’s maturity efficiently to serve the other K companies.

Reem Al-Shammari:

At the end, yes, we are different companies but we are serving one income, we are contributing into a national income of one country, which is Kuwait, and at the end, we are one oil sector of Kuwait that is representing the industry within our region and for that, we are collaboratively working toward a very unified goals and objectives and utilizing the collaboration in building and leveraging the capabilities to all the others, to reach the same maturity and support each others. Again, together is always stronger.

Bryson Bort:

How do you do threat sharing with an adversary? I mean, surely that’s part of the challenge of the politics of we have to be friends with them, they’re allowed to be in our club but we’re sharing the intelligence of what they’re doing with them?

Reem Al-Shammari:

Exactly, but when it comes to sharing with intelligence in the oil and gas, we’re very, very much a close community because we’re relating it to the Gulf countries and the Gulf countries, we are friends. We’re talking about Kuwait, Saudi Arabia, Emirates, Qatar, we have Bahrain, Oman. So these are the six countries of the Gulf and we have already a common Gulf Council that we have several initiatives already taking place in our one region, our national income depends on oil production, a very high percentage, so we’re all in the same boat. We have been into a very revolutionary jump when oil was discovered in all of our six countries and all of that economy and all of that income has been impacted heavily ’till this moment. So we do not share threat intelligence with the others, that I believe you know who, who are also oil producing countries and we’re being very much aware of that and we’re being very much careful from that but we have built this threat intelligence sharing forum with these in our safe place, or safe environment community, which is the Gulf countries, up to this minute anyway.

Bryson Bort:

How does the adversary behave? I mean, you’re on the front lines there with the Gulf Coast countries, of a lot of turmoil and with the dependence on oil, it’s a rich target that you have to deal with every day. So what did they do?

Reem Al-Shammari:

Similar to any other industries, and we know that the financial has always been one of the highly targeted, similar to the oil and gas industry, the adversaries is always being creative and keep coming, or let’s say developing, new techniques, in new broaches and new malwares and it’s actually sometimes becomes like one of the Sherlock Holmes or Columbo series, where I enjoy just looking at the artifacts of that malware, or looking at the incident analysis and I enjoy being on the ground with our incidence responders, just looking at the storyline, how did that incident happen?

Reem Al-Shammari:

But I can see a common factor from different incidents in oil and gas industries and even around the world, that the adversaries always put their most bet on human factor. They always utilize the social engineering as a first stage to compromise, or to gather the information they need, knowing that a human factor can be a vicious thing in that defense. I always give the examples to even non-cybersecurity professionals, or even when I go to commercial committees and all of that. I keep saying, and even our leadership at some moment, that we do investment and imagine that you’re building a very high defensible castle and one of the citizen of that castle, just at one night, he feels a little bit humid, or he needs some air, so he just opens that window just slightly to have that breeze of air. Cold air comes at night to him and he sleeps.

Reem Al-Shammari:

With that action, although he did that not deliberately to harm the castle, or to break down all defenses, but it was a weaknesses, where let’s say, the adversaries would spot that weakness and would make best of that. Sometimes the human factor, curiosity, will always play a role in enabling these attacks happens. So the adversaries are very, very aware of that human factor because they are also humans and they do know how the humans would think. I believe Bryson you have also witnessed that? Even during COVID-19, the attacks was increasing actually rapidly and I’ve seen statistic that these malicious domains that been created and COVID-19 in general was something around 100,000 and when it came to the COVID-19 peak in March, it was 500,000 malicious domains of COVID-19. This just give you an indicator that adversaries will always take opportunity of any impact that happen to the whole world, to the whole citizens of the world.

Reem Al-Shammari:

One of the discussions I had with one of non-cybersecurity colleagues, he was saying, “Seriously Reem? You think the cyber adversaries would think about attacking during a pandemic? Situation with the whole global has been through and people are dying, no way?” So the only thing I shared him is just, I pulled that slide off [inaudible 00:28:07] and showed it to him. For that, he was surprised that although we are all humans but with different motives, these adversaries will almost make best of any opportunities that shows to the servers and for that we need always, yes we are ICS, cybersecurity professionals, we enjoy, our heart is there, but we need always to invest on that human factor. We need always to align that human factor, that employees within that asset, within that refinery.

Reem Al-Shammari:

We need always to align them with us, to make us very much aware that we cannot do it without you guys. Yes, we are building wonderful regulations, we are aligning with excellent standards at ICS, we are investing in hi tech and next generations of ICS, firewalls and all of that but yet, our focal investment and our focal key player in all of this equation is our operators, is our engineers, is our PNC analyst and even maintenance engineers, that really plays and maintains and supervises these PCs and these CSs and keep them running. So we need always to educate them. We need to make them our cybersecurity champions and advocates, irrespective of how much investment you do in ICS, this is still a mandatory thing we need to do but we should never minimize the impact that these people are playing into raising the cybersecurity defenses posture and let’s say, preparedness and this is why I always advocate.

Reem Al-Shammari:

Yesterday when I was putting my head to sleep, I was thinking, “What would be a wonderful awareness message to these guys at the asset? What would really get their hearts into being very much interested in securing or learning about cybersecurity?” This what really keeps me many times awake because the human factor is very interesting element and we need to know the right question in order for us to address it and utilize it and recently within my Harvard studies, I learnt that we need to map the three factors together, from professor Linda Hill, she’s a wonderful doctor there. She said that we need to align the head along with the heart and make it feasible once the alignment happens for hands to take action.

Reem Al-Shammari:

So even within our awareness messages that goes to the OT, which is a little bit challenging for us to bring them on, because they are not coming from an IT background, we need also to take that approach and that strategy in getting their heads aligned with their hearts and making sure what’s in it for us if we really take that cybersecurity session? What’s really for us if we do that checkup of quality check or cybersecurity check and complete that survey? What is it for us? So we always need to take their heart and their buy-ins and also align it with the head and the roadmap and the importance of being a cybersecurity defender of your national income and national security of the whole country and then give them the tools, give them the toolkit where they can really take all of this passion and all of this mindset being aligned with … be our cybersecurity advocates and champions into raising this knowledge and spreading it in their OT community and on our operations and fields and refineries as well.

Bryson Bort:

So, one last question Reem, this is the big one. This is what we’re going all together. If you had a magic non-internet connected wand, it had a real air gap, what is the number one thing you’d make happen with policy makers across the globe?

Reem Al-Shammari:

Oh a very wonderful and tricky question. I would ask for a magic wand but magic is always you can see, it’s very much visible in Marvel and Disney but unfortunately, we cannot see it in our cybersecurity field but I do think that the policy makers, the global policy makers, can do something or at least some similar activity to what the World Economic Forum are doing, where they are very much initiating that initiative at the cybersecurity resilience and to oil and gas and actually, they are doing also the same with financial sector as well as electricity. But yet, if the policy makers across the global have a collaborative, let’s say understanding, of all of the cybersecurity oil and gas challenges and actually I always emphasize this, we really do not need to reinvent the wheel. We can build off what we are working today within the World Economic Forum, we can build on that and from that, also they are one of the stakeholders of the policy makers, we can also build on that and the policy makers can utilize this forum, or this initiative to build upon it a very collaborative, flexible and resilient, let’s say standards, regulations, where we can deploy it around the whole ecosystem, starting from us as companies and entities and ending up to our supply chain and partners.

Reem Al-Shammari:

Supply chain is very, very crucial in oil and gas because we do depend highly on our partners and our vendors and in many incident and crucial incident that took place in the previous periods was through compromising these supply chains and compromising those partners that didn’t take the rightful measures of cybersecurity, while the main player, or the main oil and gas entity, did due diligence, and did perform their full homework of raising and investing in a very safe cybersecurity posture. Yet, due to the, let’s say … due to the lack of alignment of such prerequisites of these cybersecurity guidelines, or practices, or at least standards, you can see there will be some vulnerabilities and we can see in these partners or third party suppliers, and this is where the supply chain will be an issue and actually a big challenge for oil and gas industries to address.

Reem Al-Shammari:

So if the policy makers can really develop a collaborative framework where they address this big challenge and have it as a global, however a flexible guideline of a framework and policies, this would really help us as oil and gas industry as a whole throughout the globe, to not really resolve the whole thing, but it will really contribute in making our life a little bit better, by incorporating a one unified policy and a framework that addresses this supply chain matter or issue.

Bryson Bort:

What’s your background? How did you get into this line of work?

Reem Al-Shammari:

Kuwait Oil Company was my first career and still and when I first join there, I joined in the network section under IT and my supervisor had a vision towards my career and he really taught me and he was a very wonderful leader but he was very transparent in sharing with me his vision. He told me that he would like to build out for me a wildcard where he can inject in any project an a success story follows out. So what he did really is that he kept injecting me into different projects with different IT backgrounds and due to my, let’s say skills of love to learn, I was always adapting and picking up the new technologies and leaving them success stories because I also have a professional project management licenses, being certified since 2005.

Reem Al-Shammari:

I was nominated to lead the IT taskforce in enabling the digital oil fields projects throughout our company with a couple of pilots in different assets. We were able to see that these technologies are enabling the business, yet have some risks accompanying them, if not being addressed well. So I believe even before getting to cybersecurity, or even having a dedicated team, I had that instinct within me and I believe this is one of the good aspects of being a woman, that we have a built in risk in our instinct and appetite a little bit higher towards things. So when we realized that we would be enabling digital oil fields in these assets, which means that it can be remotely controlled, where you can open the valve, increase the pressure, or reduce the temperature, we knew that there is a risk if the right alignment were not done between IT and OT.

Reem Al-Shammari:

So for my cybersecurity instinct just kicked in before even becoming a CSO, or before even joining the information security team and as I lead that role of being an IT lead to that taskforce, I was always playing and putting the hat of cybersecurity in addressing the risk, making sure that we have the right alignment between both parties and making sure that whatever we enable, the right risk has been identified and the proper mitigation has been taken to place to address them.

Bryson Bort:

Well Reem, thank you very much for joining us today and bringing a truly international perspective and of course, it has just been so wonderful to hear about your background and all of the accomplishments that you’ve done. We look forward to your next PhD.

Reem Al-Shammari:

Thank you so much Bryson, I think my next PhD, I would say that very quickly is our Women in Cybersecurity Middle East, I think this is my next research, I’m a co-founder of a wonderful cybersecurity forum of more than 800 ladies in cybersecurity, ranging from high school girls up to indies and executives in cybersecurity who are residents in Middle East, so this is my next PhD, I’m actually devoting many of my time and contribution to this wonderful community, where we are empowering women in cybersecurity, especially in the Middle East, we are collaboration with other women in cyber around the globe and forums, where we are trying to secure our communities and as well as empowering the woman around the globe and even the Middle East to play a much better, a much active role in the cybersecurity community and if you may allow me also to just announce that we are having our first annual conference coming in November and we have opened this call for papers there, where we are including woman speakers from around the globe in cyber to really participate and make their voices much being heard around the globe. So this is my next PhD, contributing more to our society and community and empowering all women and ladies around the globe. Thank you so much, Bryson.

Bryson Bort:

Another project of passion. Where can people go to get more information?

Reem Al-Shammari:

Okay, so if they just google about Women in Cybersecurity Middle East, or www.womenincybersecurity.me it will go there, or even just put WCISME in Twitter and they will reach us.

Bryson Bort:

Excellent, well good to talk to you again my friend.

Reem Al-Shammari:

Thank you so much Bryson for this opportunity, I really appreciate that. Thank you.

Bryson Bort:

Thank you for listening to Hack the Plant, a podcast of the R Street Institute and ICS Village nonprofit. Subscribe to the podcast and share it with your friends, even better. Rate and review us on Apple Podcasts so we can reach even more listeners. Tell us what you thought about it and who we should interview next by finding us on Twitter at RSI, or at ICS_Village. Finally, if you want to know more about R Street or ICS Village, visit rstreet.org, or icsvillage.com. I’m your host, Bryson Bort. Thank you to executive producer Tyler Lowe of Phaedo Creative, creative producer William Gray, and editor, Dominic Sterritt of Sterritt Production.